CVE-2024-22267 - Vulnerability Details - OpenCVE

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Macos
Vmware	Fusion Vmware Workstation Workstation

Configuration 1 [-]

AND

cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

History

Fri, 14 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Vmware workstation
CPEs		cpe:2.3:a:vmware:fusion:::::::: cpe:2.3:a:vmware:workstation:::::::: cpe:2.3:o:apple:macos:-:::::::*
Vendors & Products		Apple Apple macos Vmware workstation

Fri, 14 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware fusion Vmware vmware Workstation
Weaknesses		CWE-416
CPEs		cpe:2.3:a:vmware:fusion:13.0.0:::::::* cpe:2.3:a:vmware:vmware_workstation:17.0:::::::*
Vendors & Products		Vmware Vmware fusion Vmware vmware Workstation
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-05-14T12:58:31.261Z

Updated: 2025-03-14T14:56:10.154Z

Reserved: 2024-01-08T18:43:17.078Z

Link: CVE-2024-22267

Vulnrichment

Updated: 2024-08-01T22:43:34.527Z

NVD

Status : Modified

Published: 2024-05-14T16:16:06.610

Modified: 2025-03-14T15:15:39.803

Link: CVE-2024-22267

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22267", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:17.078Z", "datePublished": "2024-05-14T12:58:31.261Z", "dateUpdated": "2025-03-14T14:56:10.154Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "VMware Workstation", "vendor": "NA", "versions": [{"lessThan": "17.5.2", "status": "affected", "version": "17.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "VMware Fusion", "vendor": "N/A", "versions": [{"lessThan": "13.5.2", "status": "affected", "version": "13.x", "versionType": "custom"}]}], "datePublic": "2024-05-14T04:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. </span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>"}], "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Use-after-free vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-05-14T12:58:31.261Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "vmware", "product": "vmware_workstation", "cpes": ["cpe:2.3:a:vmware:vmware_workstation:17.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "17.0", "status": "affected", "lessThan": "17.5.2", "versionType": "custom"}]}, {"vendor": "vmware", "product": "fusion", "cpes": ["cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0.0", "status": "affected", "lessThan": "13.5.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-17T04:00:38.016096Z", "id": "CVE-2024-22267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T14:56:10.154Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-17T04:00:38.016096Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:vmware_workstation:17.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "vmware_workstation", "versions": [{"status": "affected", "version": "17.0", "lessThan": "17.5.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "fusion", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.5.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-17T12:01:30.093Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NA", "product": "VMware Workstation", "versions": [{"status": "affected", "version": "17.x", "lessThan": "17.5.2", "versionType": "custom"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}, {"vendor": "N/A", "product": "VMware Fusion", "versions": [{"status": "affected", "version": "13.x", "lessThan": "13.5.2", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "datePublic": "2024-05-14T04:40:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. </span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use-after-free vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-05-14T12:58:31.261Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22267", "state": "PUBLISHED", "dateUpdated": "2025-03-14T14:56:10.154Z", "dateReserved": "2024-01-08T18:43:17.078Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-05-14T12:58:31.261Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F", "versionEndExcluding": "17.5.2", "versionStartIncluding": "17.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n"}, {"lang": "es", "value": "VMware Workstation y Fusion contienen una vulnerabilidad de use-after-free en el dispositivo vbluetooth. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede aprovechar este problema para ejecutar c\u00f3digo como el proceso VMX de la m\u00e1quina virtual que se ejecuta en el host."}], "id": "CVE-2024-22267", "lastModified": "2025-03-14T15:15:39.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T16:16:06.610", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}