VMware Workstation and Fusion Critical Security Flaws Fixed

30-May-24

VMware, a leading virtualization technology company, has fixed multiple security vulnerabilities found in VMware Workstation and Fusion products. These flaws, if exploited, could allow attackers to cause a denial of service, obtain sensitive information, and execute arbitrary code. The affected versions are Workstation 17.x and Fusion 13.x, with patches available in versions 17.5.2 and 13.5.2 respectively.


CVE-2024-22267 (CVSS score: 9.3): This is a use-after-free vulnerability in the vbluetooth device. An attacker with local administrative privileges on the VM can exploit it to execute code as the VMX process running on the host machine.


CVE-2024-22268 (CVSS score: 7.1): This is a heap buffer-overflow vulnerability in the Shader functionality. An attacker can leverage this to crash the virtual machine (DoS condition).
