The Download
One of the most important attributes of a virtual machine is the separation the hypervisor provides between the guest OS and the underlying host operating system, and between guests running on the same hardware. In a multi-tenant architecture, a failure of that separation means an attacker sandboxed in one tenant can escape the sandbox and compromise every tenant on the server, which makes sandbox escape vulnerabilities among the most severe there are.
VMware disclosed multiple vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255), some of them rated between 9.3 and 10.0 in severity, that allow hypervisor escape in the VMware ESXi, Workstation, Fusion and Cloud Foundation products. VMware characterized the requirement to patch as an "emergency change" under its ITIL program. The vulnerabilities lie in the USB controller attached to the virtual machines.
What You Can Do
Broadcom, VMware's parent company, is urging all VMware users to patch the affected products immediately, before active exploitation is observed. Where patching cannot happen right away, one workaround is to remove the USB controllers from the virtual machines, which disables USB passthrough to those machines.
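The workaround above is easy to state but tedious to apply across a fleet, and the first question a defender has is which VMs still carry a USB controller at all. The following PowerCLI script is an added example, not code from VMware or Broadcom: it inventories USB controllers on every VM and, separately, removes them from a single powered-off VM. It assumes the VMware PowerCLI module is installed and that `Connect-VIServer` has already been run against the operator's own vCenter; the function names and the sample VM name are the author's own.

```powershell
# Added example (not from the advisory): inventory USB controllers on VMs and,
# optionally, remove them as the workaround for the USB controller CVEs.
# Assumes PowerCLI is installed and Connect-VIServer has already been run.

# The two virtual device classes that represent USB controllers in a VM config.
$usbControllerTypes = @(
    'VMware.Vim.VirtualUSBController',      # USB 1.1 / 2.0 controller
    'VMware.Vim.VirtualUSBXHCIController'   # USB 3.x (xHCI) controller
)

function Get-VMUsbController {
    # Returns one object per USB controller found, for all VMs or a name filter.
    [CmdletBinding()]
    param([string]$Name = '*')

    foreach ($vm in Get-VM -Name $Name) {
        foreach ($dev in $vm.ExtensionData.Config.Hardware.Device) {
            if ($usbControllerTypes -contains $dev.GetType().FullName) {
                [pscustomobject]@{
                    VM         = $vm.Name
                    PowerState = $vm.PowerState
                    Controller = $dev.GetType().Name
                    Key        = $dev.Key
                    Label      = $dev.DeviceInfo.Label
                    Device     = $dev
                }
            }
        }
    }
}

function Remove-VMUsbController {
    # Removes every USB controller from one VM with a single ReconfigVM call.
    # By design this only acts on powered-off VMs: removing a controller also
    # detaches any passthrough devices hanging off it, so do it in a window.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string]$Name)

    $vm = Get-VM -Name $Name
    if ($vm.PowerState -ne 'PoweredOff') {
        throw "$($vm.Name) is $($vm.PowerState); power it off before removing USB controllers."
    }

    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
    $spec.DeviceChange = @(
        foreach ($ctrl in (Get-VMUsbController -Name $Name)) {
            $change = New-Object VMware.Vim.VirtualDeviceConfigSpec
            $change.Operation = [VMware.Vim.VirtualDeviceConfigSpecOperation]::remove
            $change.Device = $ctrl.Device
            $change
        }
    )
    if (-not $spec.DeviceChange) {
        Write-Verbose "No USB controllers on $($vm.Name); nothing to do."
        return
    }

    if ($PSCmdlet.ShouldProcess($vm.Name, "remove $($spec.DeviceChange.Count) USB controller(s)")) {
        $vm.ExtensionData.ReconfigVM($spec)
    }
}

# Audit first: which VMs still carry a USB controller, and which are powered on?
Get-VMUsbController | Format-Table VM, PowerState, Controller, Label

# Then remediate one VM at a time; -WhatIf previews the change without applying it.
# 'tenant-vm-01' is a placeholder name, not a VM from the advisory.
Remove-VMUsbController -Name 'tenant-vm-01' -WhatIf
```

The audit output doubles as a compliance check after patching: any VM that still lists a controller on an unpatched host is the one to prioritize. Keep in mind that removing the controller is a mitigation for the attack surface only; the patched ESXi, Workstation, Fusion or Cloud Foundation build is still the fix.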