VMware has addressed multiple security vulnerabilities in its Workstation and Fusion products. The vulnerabilities identified as CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, and CVE-2023-20872 have been privately reported to VMware and have a CVSS v3.x score of 7.3 9.3.
One of the flaws, CVE-2023-20869, is a stack-based buffer overflow vulnerability in the ability to share the host’s Bluetooth device with virtual machines (VMs).
“A malicious actor with local administrator privileges on a virtual machine could exploit this issue to execute code as a VMX process in a virtual machine running on the host,” the company said Tuesday. I wrote in a security advisory published on
VMware has rated this bug as Critical severity, with a maximum CVSS v3.x base score of 9.3.
Another vulnerability, CVE-2023-20870, is an out-of-range read flaw in the same Bluetooth functionality. VMware has rated this vulnerability as Important, with a maximum base score of 7.1 for CVSS v3.x.
Read more about the out-of-scope flaw: Vulnerability in TPM 2.0 library could affect billions of IoT devices
On the other hand, CVE-2023-20871 is a local privilege escalation vulnerability in VMware Fusion. VMware has rated this vulnerability as Important, with a maximum base score of 7.3 for CVSS v3.x.
Finally, CVE-2023-20872 is an out-of-bounds read/write vulnerability in VMware Workstation and Fusion’s SCSI CD/DVD device emulation. VMware has rated this bug as Critical severity, with a maximum CVSS v3.x Base Score of 7.7.
VMware has released updates and workarounds to fix these vulnerabilities for affected products.
“Multiple security vulnerabilities in VMware Workstation and Fusion have been privately reported to VMware. Updates and workarounds are available to fix these vulnerabilities for affected VMware products.”
VMware would like to thank STAR Labs for working with the Pwn2Own 2023 security contest to report this issue. The patch comes months after his ESXiArgs ransomware attack that infected VMware ESXi hypervisor servers in February.
