The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
The product reads data past the end, or before the beginning, of the intended buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloud_foundation | Vmware | 4.0 (including) | 5.1.1 (excluding) |
Workstation | Vmware | 17.0.0 (including) | 17.5.1 (excluding) |
Esxi | Vmware | 7.0 (including) | 7.0 (including) |
Esxi | Vmware | 7.0-beta (including) | 7.0-beta (including) |
Esxi | Vmware | 7.0-update_1 (including) | 7.0-update_1 (including) |
Esxi | Vmware | 7.0-update_1a (including) | 7.0-update_1a (including) |
Esxi | Vmware | 7.0-update_1b (including) | 7.0-update_1b (including) |
Esxi | Vmware | 7.0-update_1c (including) | 7.0-update_1c (including) |
Esxi | Vmware | 7.0-update_1d (including) | 7.0-update_1d (including) |
Esxi | Vmware | 7.0-update_1e (including) | 7.0-update_1e (including) |
Esxi | Vmware | 7.0-update_2 (including) | 7.0-update_2 (including) |
Esxi | Vmware | 7.0-update_2a (including) | 7.0-update_2a (including) |
Esxi | Vmware | 7.0-update_2c (including) | 7.0-update_2c (including) |
Esxi | Vmware | 7.0-update_2d (including) | 7.0-update_2d (including) |
Esxi | Vmware | 7.0-update_2e (including) | 7.0-update_2e (including) |
Esxi | Vmware | 7.0-update_3 (including) | 7.0-update_3 (including) |
Esxi | Vmware | 7.0-update_3c (including) | 7.0-update_3c (including) |
Esxi | Vmware | 7.0-update_3d (including) | 7.0-update_3d (including) |
Esxi | Vmware | 7.0-update_3e (including) | 7.0-update_3e (including) |
Esxi | Vmware | 7.0-update_3f (including) | 7.0-update_3f (including) |
Esxi | Vmware | 7.0-update_3g (including) | 7.0-update_3g (including) |
Esxi | Vmware | 7.0-update_3i (including) | 7.0-update_3i (including) |
Esxi | Vmware | 7.0-update_3j (including) | 7.0-update_3j (including) |
Esxi | Vmware | 7.0-update_3k (including) | 7.0-update_3k (including) |
Esxi | Vmware | 7.0-update_3l (including) | 7.0-update_3l (including) |
Esxi | Vmware | 7.0-update_3m (including) | 7.0-update_3m (including) |
Esxi | Vmware | 7.0-update_3n (including) | 7.0-update_3n (including) |
Esxi | Vmware | 7.0-update_3o (including) | 7.0-update_3o (including) |
Esxi | Vmware | 7.0-update_3p (including) | 7.0-update_3p (including) |
Esxi | Vmware | 8.0 (including) | 8.0 (including) |
Esxi | Vmware | 8.0-a (including) | 8.0-a (including) |
Esxi | Vmware | 8.0-b (including) | 8.0-b (including) |
Esxi | Vmware | 8.0-c (including) | 8.0-c (including) |
Esxi | Vmware | 8.0-update_1 (including) | 8.0-update_1 (including) |
Esxi | Vmware | 8.0-update_1a (including) | 8.0-update_1a (including) |
Esxi | Vmware | 8.0-update_1c (including) | 8.0-update_1c (including) |
Esxi | Vmware | 8.0-update_2 (including) | 8.0-update_2 (including) |