VMware Addresses Critical Sandbox Escape Vulnerabilities in Multiple Products

March 6, 2024

VMware has issued security patches to rectify critical sandbox escape vulnerabilities present in its ESXi, Workstation, Fusion, and Cloud Foundation products. These vulnerabilities could enable attackers to break free from the confines of virtual machines and gain unauthorized access to the host operating system. Such flaws are particularly dangerous as they could potentially allow threat actors to gain unauthorized access to the host system where a hypervisor is installed or gain access to other virtual machines operating on the same host, thereby breaking their isolation.

The advisory identified four vulnerabilities, labeled as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255. These vulnerabilities have CVSS v3 scores ranging from 7.1 to 9.3, but all are rated with a critical severity.

To mitigate CVE-2024-22252, CVE-2024-22253, and CVE-2024-22255, a practical workaround is to remove USB controllers from virtual machines by following the instructions provided by the vendor. However, it should be noted that this could affect the connectivity of keyboards, mice, and USB sticks in certain configurations.

Given the severity of these vulnerabilities, VMware has also made security patches available for older versions of ESXi (6.7U3u), 6.5 (6.5U3v), and VCF 3.x. In addition, the vendor has published a FAQ to accompany the bulletin, underlining the urgency of prompt patching and providing guidance on response planning and workaround/fix implementation for specific products and configurations.

As of now, VMware has not observed or received any reports of active exploitation of these four vulnerabilities. However, system administrators are encouraged to subscribe to the VMSA mailing list for proactive alerts in case the exploitation status changes.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.