CVE-2022-31705

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Information

Published : 2022-12-14 11:15

Updated : 2022-12-19 07:43


NVD link : CVE-2022-31705

Mitre link : CVE-2022-31705


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

apple

  • mac_os_x

vmware

  • workstation
  • fusion
  • esxi