VMware Fixed CVE-2021-22045 Heap-Overflow in Workstation, Fusion and ESXi
VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and CVE-2021-22045 products that can lead to code execution on the hypervisor.
VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045, in its Workstation, Fusion and ESXi products. VMware has addressed the vulnerability with the release of ESXi670-202111101-SG, ESXi650-202110101-SG, Workstation 16.2.0, and Fusion 12.2.0.
According to the company, the security vulnerability exists in the CD-ROM device emulation function of the above products. An attacker with access to a virtual machine that has CD-ROM device emulation enabled can chain this vulnerability with other flaws to execute code on the hypervisor from a virtual machine.
“The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability.” reads the advisory published by the company. “A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.”
The vulnerability was privately reported to VMware and received a CVSS score of 7.7.
The virtualization giant also provided mitigation for this issue that consists of disabling or disconnecting the CD-ROM/DVD devices on all running virtual machines. Below is the step-by-step procedure:
1) Log in to a vCenter Server system using the vSphere Web Client. 2) Right-click the virtual machine and click Edit Settings. 3) Select the CD/DVD drive and uncheck “Connected” and “Connect at power on” and remove any attached ISOs.
To list the virtual machines that have a CD-ROM/DVD connected, admins can use Powercli.
The following command will list all VMs with a connected device.
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent
To remove and disconnect an attached CD-ROM/DVD device, run the command below.
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false
Affected products are Workstation 16.x, and Fusion 12.x, ESXi 6.5, 6.7, and 7 versions, and VMware Cloud Foundation.
The company recommends customers to apply the security updates as soon as possible.
Source: https://securityaffairs.co/wordpress/126352/security/vmware-cve-2021-22045-heap-overflow.html
Sign up for the e-mail list to be informed about the developments in the cyber world and to be informed about the weekly newsletter.