CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
vmwareCNA
8.1 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
vmwarecloud_foundation
4.0 ≤
𝑥
< 5.1.1
vmwareworkstation
17.0.0 ≤
𝑥
< 17.5.1
vmwareesxi
7.0
vmwareesxi
7.0:beta
vmwareesxi
7.0:update_1
vmwareesxi
7.0:update_1a
vmwareesxi
7.0:update_1b
vmwareesxi
7.0:update_1c
vmwareesxi
7.0:update_1d
vmwareesxi
7.0:update_1e
vmwareesxi
7.0:update_2
vmwareesxi
7.0:update_2a
vmwareesxi
7.0:update_2c
vmwareesxi
7.0:update_2d
vmwareesxi
7.0:update_2e
vmwareesxi
7.0:update_3
vmwareesxi
7.0:update_3c
vmwareesxi
7.0:update_3d
vmwareesxi
7.0:update_3e
vmwareesxi
7.0:update_3f
vmwareesxi
7.0:update_3g
vmwareesxi
7.0:update_3i
vmwareesxi
7.0:update_3j
vmwareesxi
7.0:update_3k
vmwareesxi
7.0:update_3l
vmwareesxi
7.0:update_3m
vmwareesxi
7.0:update_3n
vmwareesxi
7.0:update_3o
vmwareesxi
7.0:update_3p
vmwareesxi
8.0
vmwareesxi
8.0:a
vmwareesxi
8.0:b
vmwareesxi
8.0:c
vmwareesxi
8.0:update_1
vmwareesxi
8.0:update_1a
vmwareesxi
8.0:update_1c
vmwareesxi
8.0:update_2
vmwarefusion
13.0.0 ≤
𝑥
< 13.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308