CVE-2024-22273
First published: Tue May 21 2024(Updated: )
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESXi and Horizon DaaS | ||
| VMware Workstation and ESXi | ||
| VMware Fusion | ||
| VMware vCenter Server and Cloud Foundation | >=4.0<5.1.1 | |
| VMware Workstation and ESXi | >=17.0.0<17.5.1 | |
| VMware ESXi and Horizon DaaS | =7.0 | |
| VMware ESXi and Horizon DaaS | =7.0-beta | |
| VMware ESXi and Horizon DaaS | =7.0-update_1 | |
| VMware ESXi and Horizon DaaS | =7.0-update_1a | |
| VMware ESXi and Horizon DaaS | =7.0-update_1b | |
| VMware ESXi and Horizon DaaS | =7.0-update_1c | |
| VMware ESXi and Horizon DaaS | =7.0-update_1d | |
| VMware ESXi and Horizon DaaS | =7.0-update_1e | |
| VMware ESXi and Horizon DaaS | =7.0-update_2 | |
| VMware ESXi and Horizon DaaS | =7.0-update_2a | |
| VMware ESXi and Horizon DaaS | =7.0-update_2c | |
| VMware ESXi and Horizon DaaS | =7.0-update_2d | |
| VMware ESXi and Horizon DaaS | =7.0-update_2e | |
| VMware ESXi and Horizon DaaS | =7.0-update_3 | |
| VMware ESXi and Horizon DaaS | =7.0-update_3c | |
| VMware ESXi and Horizon DaaS | =7.0-update_3d | |
| VMware ESXi and Horizon DaaS | =7.0-update_3e | |
| VMware ESXi and Horizon DaaS | =7.0-update_3f | |
| VMware ESXi and Horizon DaaS | =7.0-update_3g | |
| VMware ESXi and Horizon DaaS | =7.0-update_3i | |
| VMware ESXi and Horizon DaaS | =7.0-update_3j | |
| VMware ESXi and Horizon DaaS | =7.0-update_3k | |
| VMware ESXi and Horizon DaaS | =7.0-update_3l | |
| VMware ESXi and Horizon DaaS | =7.0-update_3m | |
| VMware ESXi and Horizon DaaS | =7.0-update_3n | |
| VMware ESXi and Horizon DaaS | =7.0-update_3o | |
| VMware ESXi and Horizon DaaS | =7.0-update_3p | |
| VMware ESXi and Horizon DaaS | =8.0 | |
| VMware ESXi and Horizon DaaS | =8.0-a | |
| VMware ESXi and Horizon DaaS | =8.0-b | |
| VMware ESXi and Horizon DaaS | =8.0-c | |
| VMware ESXi and Horizon DaaS | =8.0-update_1 | |
| VMware ESXi and Horizon DaaS | =8.0-update_1a | |
| VMware ESXi and Horizon DaaS | =8.0-update_1c | |
| VMware ESXi and Horizon DaaS | =8.0-update_2 | |
| All of | ||
| VMware Fusion | >=13.0.0<13.5.1 | |
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22273?
CVE-2024-22273 has been classified as a critical vulnerability due to the potential for remote code execution and denial of service.
How do I fix CVE-2024-22273?
To fix CVE-2024-22273, update to the latest version of VMware ESXi, Workstation, or Fusion that contains the security patch.
What software is affected by CVE-2024-22273?
CVE-2024-22273 affects VMware ESXi, Workstation, and Fusion products with storage controllers enabled.
Can CVE-2024-22273 lead to a denial of service?
Yes, exploiting CVE-2024-22273 can create a denial of service condition on the hypervisor.
Who can exploit CVE-2024-22273?
A malicious actor with access to a virtual machine with storage controllers enabled can exploit CVE-2024-22273.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/source
- agent/severity
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/vmware
- canonical/vmware esxi and horizon daas
- canonical/vmware workstation and esxi
- canonical/vmware fusion
- canonical/vmware vcenter server and cloud foundation
- version/vmware vcenter server and cloud foundation/4.0
- version/vmware workstation and esxi/17.0.0
- version/vmware esxi and horizon daas/7.0
- version/vmware esxi and horizon daas/7.0-beta
- version/vmware esxi and horizon daas/7.0-update_1
- version/vmware esxi and horizon daas/7.0-update_1a
- version/vmware esxi and horizon daas/7.0-update_1b
- version/vmware esxi and horizon daas/7.0-update_1c
- version/vmware esxi and horizon daas/7.0-update_1d
- version/vmware esxi and horizon daas/7.0-update_1e
- version/vmware esxi and horizon daas/7.0-update_2
- version/vmware esxi and horizon daas/7.0-update_2a
- version/vmware esxi and horizon daas/7.0-update_2c
- version/vmware esxi and horizon daas/7.0-update_2d
- version/vmware esxi and horizon daas/7.0-update_2e
- version/vmware esxi and horizon daas/7.0-update_3
- version/vmware esxi and horizon daas/7.0-update_3c
- version/vmware esxi and horizon daas/7.0-update_3d
- version/vmware esxi and horizon daas/7.0-update_3e
- version/vmware esxi and horizon daas/7.0-update_3f
- version/vmware esxi and horizon daas/7.0-update_3g
- version/vmware esxi and horizon daas/7.0-update_3i
- version/vmware esxi and horizon daas/7.0-update_3j
- version/vmware esxi and horizon daas/7.0-update_3k
- version/vmware esxi and horizon daas/7.0-update_3l
- version/vmware esxi and horizon daas/7.0-update_3m
- version/vmware esxi and horizon daas/7.0-update_3n
- version/vmware esxi and horizon daas/7.0-update_3o
- version/vmware esxi and horizon daas/7.0-update_3p
- version/vmware esxi and horizon daas/8.0
- version/vmware esxi and horizon daas/8.0-a
- version/vmware esxi and horizon daas/8.0-b
- version/vmware esxi and horizon daas/8.0-c
- version/vmware esxi and horizon daas/8.0-update_1
- version/vmware esxi and horizon daas/8.0-update_1a
- version/vmware esxi and horizon daas/8.0-update_1c
- version/vmware esxi and horizon daas/8.0-update_2
- version/vmware fusion/13.0.0
- vendor/apple
- canonical/macos