{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22267", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:17.078Z", "datePublished": "2024-05-14T12:58:31.261Z", "dateUpdated": "2025-03-14T14:56:10.154Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "VMware Workstation", "vendor": "NA", "versions": [{"lessThan": "17.5.2", "status": "affected", "version": "17.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "VMware Fusion", "vendor": "N/A", "versions": [{"lessThan": "13.5.2", "status": "affected", "version": "13.x", "versionType": "custom"}]}], "datePublic": "2024-05-14T04:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.&nbsp;</span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>"}], "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Use-after-free vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-05-14T12:58:31.261Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "vmware", "product": "vmware_workstation", "cpes": ["cpe:2.3:a:vmware:vmware_workstation:17.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "17.0", "status": "affected", "lessThan": "17.5.2", "versionType": "custom"}]}, {"vendor": "vmware", "product": "fusion", "cpes": ["cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0.0", "status": "affected", "lessThan": "13.5.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-17T04:00:38.016096Z", "id": "CVE-2024-22267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T14:56:10.154Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-17T04:00:38.016096Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:vmware_workstation:17.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "vmware_workstation", "versions": [{"status": "affected", "version": "17.0", "lessThan": "17.5.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "fusion", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.5.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-17T12:01:30.093Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NA", "product": "VMware Workstation", "versions": [{"status": "affected", "version": "17.x", "lessThan": "17.5.2", "versionType": "custom"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}, {"vendor": "N/A", "product": "VMware Fusion", "versions": [{"status": "affected", "version": "13.x", "lessThan": "13.5.2", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "datePublic": "2024-05-14T04:40:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.&nbsp;</span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use-after-free vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-05-14T12:58:31.261Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22267", "state": "PUBLISHED", "dateUpdated": "2025-03-14T14:56:10.154Z", "dateReserved": "2024-01-08T18:43:17.078Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-05-14T12:58:31.261Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F", "versionEndExcluding": "17.5.2", "versionStartIncluding": "17.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\n"}, {"lang": "es", "value": "VMware Workstation y Fusion contienen una vulnerabilidad de use-after-free en el dispositivo vbluetooth. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede aprovechar este problema para ejecutar c\u00f3digo como el proceso VMX de la m\u00e1quina virtual que se ejecuta en el host."}], "id": "CVE-2024-22267", "lastModified": "2025-03-14T15:15:39.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T16:16:06.610", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}