Critical vulnerability – VMSA-2022-0004 – VMware ESXi, Workstation and Fusion

A new vulnerability rated at severity level Critical, "Use-after-free vulnerability in XHCI USB controller" (CVE-2021-22040), was published by VMware on 15 February 2022. The same advisory also covers CVE-2021-22041, a flaw in the UHCI USB controller, which is why both identifiers appear together in the response matrix below. The impact is a guest-to-host escape: an attacker who already holds local administrative privileges inside a virtual machine can execute arbitrary code as that VM's VMX process on the host, and from the host reach the other virtual machines and the host operating system. Note that the published attack vector starts from inside a guest; this is not a remotely reachable bug that could be used on its own to propagate a worm across the Internet.

Details reported from VMware's official communication:

https://www.vmware.com/security/advisories/VMSA-2022-0004.html

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

Resolution:

To remediate CVE-2021-22040 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.


Workarounds:

Workarounds for CVE-2021-22040 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.


Additional Documentation:

A supplemental blog post was created for additional clarification. Please see: https://via.vmw.com/vmsa-2022-0004-qna.

Impacted Products:
  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation (Cloud Foundation)

Useful links:

Response Matrix 3a & 3b:

| Product     | Version | Running On | CVE Identifier                 | CVSSv3 | Severity  | Fixed Version              | Workarounds | Additional Documentation |
|-------------|---------|------------|--------------------------------|--------|-----------|----------------------------|-------------|--------------------------|
| ESXi        | 7.0 U3  | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | ESXi70U3c-19193900         | KB87349     | FAQ                      |
| ESXi        | 7.0 U2  | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | ESXi70U2e-19290878         | KB87349     | FAQ                      |
| ESXi        | 7.0 U1  | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | ESXi70U1e-19324898         | KB87349     | FAQ                      |
| ESXi        | 6.7     | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | [1] ESXi670-202111101-SG   | KB87349     | FAQ                      |
| ESXi        | 6.5     | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | ESXi650-202202401-SG       | KB87349     | FAQ                      |
| Fusion      | 12.x    | OS X       | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | 12.2.1                     | KB87349     | FAQ                      |
| Workstation | 16.x    | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | 16.2.1                     | KB87349     | FAQ                      |

Impacted Product Suites that Deploy Response Matrix 3a & 3b Components:

| Product                 | Version | Running On | CVE Identifier                 | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documentation |
|-------------------------|---------|------------|--------------------------------|--------|-----------|---------------|-------------|--------------------------|
| Cloud Foundation (ESXi) | 4.x     | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | 4.4           | KB87349     | FAQ                      |
| Cloud Foundation (ESXi) | 3.x     | Any        | CVE-2021-22040, CVE-2021-22041 | 8.4    | important | 3.11          | KB87349     | FAQ                      |
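The two things a practitioner actually needs from this advisory are (a) whether a given ESXi host is already at or past the 'Fixed Version' build and (b) which virtual machines still expose the affected virtual USB controllers, since KB87349's workaround is to remove the USB controllers from VMs that do not need them. The following script is an added example written for this page; it is not code from VMware or from the original post. It uses only the three ESXi 7.0 patch names from the response matrix above, because the trailing number in a 7.0 patch name (e.g. ESXi70U3c-19193900) is the host build number, whereas the 6.5 and 6.7 entries are patch bulletin IDs that do not carry the build number. The `esxcli system version get` output and the `.vmx` file used as input are constructed samples, and the vmx keys (`usb.present`, `ehci.present`, `usb_xhci.present`) are the standard VMware configuration keys for the UHCI, EHCI and xHCI controllers.

```python
"""Check ESXi 7.0 hosts and .vmx files against VMSA-2022-0004 (added example)."""
import re

# 'Fixed Version' strings copied from the ESXi 7.0 rows of the response matrix.
FIXED_VERSIONS = ["ESXi70U3c-19193900", "ESXi70U2e-19290878", "ESXi70U1e-19324898"]

# ESXi<major><minor>U<update><letter>-<build>
_FIXED_RE = re.compile(r"^ESXi(\d)(\d)U(\d)[a-z]?-(\d+)$")


def parse_fixed_version(name):
    """'ESXi70U3c-19193900' -> ('7.0', 3, 19193900)."""
    m = _FIXED_RE.match(name)
    if not m:
        raise ValueError(f"not a 7.0-style patch name with a build number: {name}")
    major, minor, update, build = m.groups()
    return (f"{major}.{minor}", int(update), int(build))


# Keyed by (version, update) on purpose: build numbers are only comparable within
# one update branch. U2e (19290878) is numerically newer than U3c (19193900), so a
# bare "build >= 19193900" check would wrongly pass an unpatched U2 host.
FIXED_BUILDS = {(v, u): b for v, u, b in map(parse_fixed_version, FIXED_VERSIONS)}


def parse_esxcli_version(text):
    """Parse the 'Key: Value' lines printed by `esxcli system version get`."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    major_minor = ".".join(fields["Version"].split(".")[:2])      # '7.0.3' -> '7.0'
    update = int(fields.get("Update", "0"))
    build = int(re.search(r"(\d+)$", fields["Build"]).group(1))  # 'Releasebuild-19193900'
    return major_minor, update, build


def host_status(text):
    """'patched', 'vulnerable', or 'unknown' when the branch has no build in the matrix."""
    major_minor, update, build = parse_esxcli_version(text)
    fixed = FIXED_BUILDS.get((major_minor, update))
    if fixed is None:
        return "unknown"   # e.g. 6.5/6.7 or 7.0 GA: check the bulletin ID manually
    return "patched" if build >= fixed else "vulnerable"


# .vmx keys that enable each virtual USB controller model (standard VMware keys).
USB_CONTROLLER_KEYS = {
    "usb.present": "UHCI (USB 1.1)",
    "ehci.present": "EHCI (USB 2.0)",
    "usb_xhci.present": "xHCI (USB 3.x)",
}
_VMX_LINE_RE = re.compile(r'^\s*([\w.]+)\s*=\s*"?([^"]*)"?\s*$')


def usb_controllers_in_vmx(vmx_text):
    """Names of USB controllers a .vmx file presents to the guest (workaround target)."""
    enabled = []
    for line in vmx_text.splitlines():
        m = _VMX_LINE_RE.match(line)
        if m and m.group(1) in USB_CONTROLLER_KEYS and m.group(2).upper() == "TRUE":
            enabled.append(USB_CONTROLLER_KEYS[m.group(1)])
    return enabled


# Constructed sample inputs (not captured from real systems).
SAMPLE_ESXCLI_OUTPUT = """\
   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-19193900
   Update: 3
"""

SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "19"
displayName = "build-agent-01"
usb.present = "TRUE"
ehci.present = "FALSE"
usb_xhci.present = "TRUE"
"""

if __name__ == "__main__":
    print("host:", host_status(SAMPLE_ESXCLI_OUTPUT))
    print("usb controllers exposed:", usb_controllers_in_vmx(SAMPLE_VMX))
```

Feed `host_status` the output of `esxcli system version get` from each host (or the equivalent version/build fields from vCenter) and point `usb_controllers_in_vmx` at the `.vmx` files on the datastore. A host on 7.0 U2 with a build between 19193900 and 19290878 is still reported as vulnerable, which is the case a naive build-number comparison gets wrong.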

Alessandro Romeo