cve-2024-22255
Vulnerability from cvelistv5
Published
2024-03-05 17:58
Modified
2024-11-04 17:17
Severity ?
EPSS score ?
Summary
Information disclosure vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T18:16:34.279529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:17:14.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U2sb-23305545",
"status": "affected",
"version": "8.0 ",
"versionType": "custom"
},
{
"lessThan": "ESXi80U1d-23299997",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3p-23307199",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.5.1",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.5.1",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.\u00a0A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u00a0\u00a0\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T17:59:56.500Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22255",
"datePublished": "2024-03-05T17:58:35.987Z",
"dateReserved": "2024-01-08T18:43:15.942Z",
"dateUpdated": "2024-11-04T17:17:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22255\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-03-05T18:15:48.277\",\"lastModified\":\"2025-05-07T15:37:25.187\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.\u00a0A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u00a0\u00a0\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el controlador USB UHCI. Un actor malintencionado con acceso administrativo a una m\u00e1quina virtual puede aprovechar este problema para perder memoria del proceso vmx.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":4.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndIncluding\":\"5.0\",\"matchCriteriaId\":\"3D725D84-6426-459F-9B49-ADE7A13FA19A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.5.1\",\"matchCriteriaId\":\"B0BFB423-5C6D-40F3-960A-53D9955E7621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*\",\"matchCriteriaId\":\"A790D41E-B398-4233-9EC7-CF5BE2BC3161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7619C16-5306-4C4A-88E8-E80876635F66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*\",\"matchCriteriaId\":\"238E7AF4-722B-423D-ABB1-424286B06715\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4DE8C7-72FB-4BEC-AD9E-378786295011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E6DE184-35C8-4A13-91D4-4B43E9F0168C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E3A02D-6C1E-4DE8-B845-60F53C056F32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D385F0-DB2B-4802-AD0E-31441DA056B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C202879-9230-4E1D-BAB8-4FB7CE4BBC24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC6DC107-5142-4155-A33B-D5BE72E9ED38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*\",\"matchCriteriaId\":\"39817170-5C45-4F8A-916D-81B7352055DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ADC3CFF-7415-46A5-817A-2F053B261E8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F831A7-544E-4B45-BA49-7F7A0234579C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*\",\"matchCriteriaId\":\"80A0DD2E-F1CC-413B-91F9-E3986011A0A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77771B2-BC64-47A5-B6DB-9CBCC4456B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*\",\"matchCriteriaId\":\"86DE9CE6-F6C0-47D2-B3AB-34852A8B9603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*\",\"matchCriteriaId\":\"E75B2F03-702E-4359-9BB2-E234F1DC38C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACAA9494-5248-4B01-8BC1-C38AB615FFD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF12014B-BF2B-42EF-B70C-59CDA8E2176F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*\",\"matchCriteriaId\":\"F965D853-EE4A-41F5-840B-2D009ACC9754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7B7313-FF53-43C9-AF4D-B639053D3FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC3668A6-262B-42BF-9E90-28BAA9BB3347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA4E9185-44BA-41E6-8600-C8616E199334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:7.0.0:b:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6F088D-0404-4588-9788-7A5903C5BC82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1A402A-9262-4B97-A0B7-E5AE045E394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE44B379-9943-4DD1-8514-26F87482AFA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A797377-8945-4D75-AA68-A768855E5842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*\",\"matchCriteriaId\":\"79D84D76-54BE-49E9-905C-7D65B4B42D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8767F7-7C3D-457D-9EAC-E8A30796F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AF8474-2D7A-4C5A-82B9-7A873AD90C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*\",\"matchCriteriaId\":\"7781A2CA-D927-48CD-9932-AE42B7BA1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"360C1B71-5360-4379-B0DE-63BB8F5E6DA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.5.1\",\"matchCriteriaId\":\"50649AB8-57FD-4210-A7F4-3AD7D00F6A91\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2024-0006.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2024-0006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.