CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Configurations

Configuration 1

AND
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

History

14 Mar 2025, 15:15

Type Values Removed Values Added
CWE CWE-416
First Time Apple macos
Vmware
Vmware fusion
Apple
Vmware workstation
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - Vendor Advisory
CPE cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 -
Summary
  • (es) VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

14 May 2024, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-03-14 15:15


NVD link : CVE-2024-22267

Mitre link : CVE-2024-22267

CVE.ORG link : CVE-2024-22267



Products Affected

vmware

  • workstation
  • fusion

apple

  • macos
CWE
CWE-416

Use After Free