
Broadcom Releases Security Updates for VMware ESXi, Workstation, Fusion, and vCenter Server



Summary

Advisory addresses three security vulnerabilities that could result in DoS, RCE, or partially reading arbitrary files


Threat details

Introduction

Broadcom has released an advisory that addresses three security vulnerabilities in VMware ESXi, VMware vCenter Server, VMware Cloud Foundation, VMware Workstation, and VMware Fusion.

VMware ESXi is an enterprise-class hypervisor, VMware vCenter Server is a centralised virtual machine manager, and VMware Cloud Foundation is a platform for provisioning cloud environments. VMware Workstation is a line of desktop hypervisor products that let users run virtual machines, containers, and Kubernetes clusters, and VMware Fusion is the hypervisor developed for macOS systems.


Vulnerability details

  • CVE-2024-22273 The storage controllers in VMware ESXi, Workstation, and Fusion contain an out-of-bounds read/write vulnerability. An attacker with access to a virtual machine that has storage controllers enabled may exploit this issue to create a denial-of-service (DoS) condition or, in conjunction with other issues, execute code on the hypervisor from a virtual machine.
  • CVE-2024-22274 The vCenter Server contains an authenticated remote code execution (RCE) vulnerability. An attacker with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
  • CVE-2024-22275 The vCenter Server contains a partial file read vulnerability. An attacker with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

Proof-of-concept exploit code has been published for CVE-2024-22274

Proof-of-concept exploit code for CVE-2024-22274 has been publicly released. Exploitation is considered more likely.


Threat updates

Date | Update
9 Jul 2024 | CVE-2024-22274 proof-of-concept released

The cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0011 and apply the relevant updates.



Last edited: 9 July 2024 2:42 pm