CVE-2024-22273

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22273
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 Vendor Advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
History

01 Mar 2025, 02:33

Type Values Removed Values Added
CWE CWE-125
CWE-787
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 - Vendor Advisory
First Time Vmware esxi
Apple
Vmware fusion
Apple macos
Vmware workstation
Vmware cloud Foundation
Vmware
CPE cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*
Information

Published : 2024-05-21 18:15

Updated : 2025-03-26 16:15

NVD link : CVE-2024-22273

Mitre link : CVE-2024-22273

CVE.ORG link : CVE-2024-22273

JSON object : View

Products Affected

vmware

  • esxi
  • fusion
  • cloud_foundation
  • workstation

apple

  • macos
CWE
CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write