VMware ESXi/Workstation/Fusion/Cloud Foundation XHCI USB Controller use after free
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in VMware ESXi, Workstation, Fusion and Cloud Foundation. This affects an unknown part of the component XHCI USB Controller. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2024-22252. It is possible to launch the attack on the local host. There is not any exploit available. You should upgrade the affected component.
Details
A vulnerability was found in VMware ESXi, Workstation, Fusion and Cloud Foundation (Virtualization Software) (affected version not known). It has been declared as critical. This vulnerability affects some unknown functionality of the component XHCI USB Controller. The manipulation with an unknown input leads to a use after free vulnerability. The CWE definition for the vulnerability is CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
The weakness was released 03/05/2024 as VMSA-2024-0006. The advisory is shared for download at vmware.com. This vulnerability was named CVE-2024-22252 since 01/08/2024. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 02/26/2025).
Upgrading eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.5
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.7
NVD Vector: 🔍
CNA Base Score: 9.3
CNA Vector (VMware): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Use after freeCWE: CWE-416 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
01/08/2024 🔍03/05/2024 🔍
03/05/2024 🔍
02/26/2025 🔍
Sources
Vendor: vmware.comAdvisory: VMSA-2024-0006
Status: Confirmed
CVE: CVE-2024-22252 (🔍)
GCVE (CVE): GCVE-0-2024-22252
GCVE (VulDB): GCVE-100-255796
scip Labs: https://www.scip.ch/en/?labs.20060413
Entry
Created: 03/05/2024 20:51Updated: 02/26/2025 19:58
Changes: 03/05/2024 20:51 (50), 02/26/2025 19:58 (27)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.