VMware patches critical vulnerability

By

Issues fixes for Workstation, Fusion products.

VMware has patched a critical Bluetooth bug in its Workstation Pro, Workstation Player, and Fusion products, disclosed by STAR Labs at Pwn2Own.

VMware patches critical vulnerability

The vendor’s advisory explains that CVE-2023-20869 is a stack-based overflow in the Bluetooth device-sharing functionality.

Even though it’s only exploitable by an attacker with local virtual machine admin privileges, the company still rated the bug as “critical”, with a CVSS score of 9.3.

An attacker could “exploit this issue to execute code as the virtual machine's VMX process running on the host”, the company said.

The advisory also details several other bugs attributed to STAR Labs, rated as “high” severity.

CVE-2023-20870 is an information disclosure vulnerability due to an out-of-bounds read, giving the attacker a vector to read privileged information in hypervisor memory.

CVE-2023-20871 only affects Fusion. It’s a local privilege escalation bug that lets an attacker get root access to the host operating system.

Finally, CVE-2023-20872 is an out-of-bounds read in the software’s SCSI CD/DVD emulation.

“A malicious attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine,” the advisory stated.

Vulnerable versions of Workstation are in the 17.x branch and have been patched in 17.0.2, while the Fusion 13.x branch has been patched in 13.0.2.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?