CVE-2024-22273: The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a...
Description
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Classification
CVE ID: CVE-2024-22273
CVSS Base Severity: HIGH
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Problem Types
Out-of-bounds read/write vulnerabilityAffected Products
Vendor: n/a, n/a, n/a, n/a
Product: VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation (ESXi)
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 10.81% (scored less or equal to compared to others)
EPSS Date: 2025-04-24 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-22273https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308