VMware urges emergency action to blunt hypervisor flaws

March 7, 2024 at 02:33AM

Hypervisor heavyweight VMware by Broadcom disclosed vulnerabilities in its hypervisors, rated 9.3/10 and 8.4, allowing a local actor to execute code outside the virtual machine. Another vulnerability, rated 7.1, affects VMware’s older vSphere 6.x. Workarounds include removing virtual USB controllers, impacting keyboard and mouse access. Researchers from 2023’s Tianfu Cup …

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

March 6, 2024 at 03:15AM

VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical bugs allowing code execution. The vulnerabilities, including use-after-free bugs in the XHCI USB controller, carry high CVSS scores. CVE-2024-22252 and CVE-2024-22253 were discovered by multiple security researchers and require immediate patching. Temporary workaround includes …