VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| ESXi | VMware | 7.0 (including) | 7.0 (including) |
| ESXi | VMware | 7.0-beta (including) | 7.0-beta (including) |
| ESXi | VMware | 7.0-update_1 (including) | 7.0-update_1 (including) |
| ESXi | VMware | 7.0-update_1a (including) | 7.0-update_1a (including) |
| ESXi | VMware | 7.0-update_1b (including) | 7.0-update_1b (including) |
| ESXi | VMware | 7.0-update_1c (including) | 7.0-update_1c (including) |
| ESXi | VMware | 7.0-update_1d (including) | 7.0-update_1d (including) |
| ESXi | VMware | 7.0-update_1e (including) | 7.0-update_1e (including) |
| ESXi | VMware | 7.0-update_2 (including) | 7.0-update_2 (including) |
| ESXi | VMware | 7.0-update_2a (including) | 7.0-update_2a (including) |
| ESXi | VMware | 7.0-update_2c (including) | 7.0-update_2c (including) |
| ESXi | VMware | 7.0-update_2d (including) | 7.0-update_2d (including) |
| ESXi | VMware | 7.0-update_2e (including) | 7.0-update_2e (including) |
| ESXi | VMware | 7.0-update_3 (including) | 7.0-update_3 (including) |
| ESXi | VMware | 7.0-update_3c (including) | 7.0-update_3c (including) |
| ESXi | VMware | 7.0-update_3d (including) | 7.0-update_3d (including) |
| ESXi | VMware | 7.0-update_3e (including) | 7.0-update_3e (including) |
| ESXi | VMware | 7.0-update_3f (including) | 7.0-update_3f (including) |
| ESXi | VMware | 7.0-update_3g (including) | 7.0-update_3g (including) |
| ESXi | VMware | 7.0-update_3i (including) | 7.0-update_3i (including) |
| ESXi | VMware | 7.0-update_3j (including) | 7.0-update_3j (including) |
| ESXi | VMware | 7.0-update_3k (including) | 7.0-update_3k (including) |
| ESXi | VMware | 7.0-update_3l (including) | 7.0-update_3l (including) |
| ESXi | VMware | 7.0-update_3m (including) | 7.0-update_3m (including) |
| ESXi | VMware | 7.0-update_3n (including) | 7.0-update_3n (including) |
| ESXi | VMware | 7.0-update_3o (including) | 7.0-update_3o (including) |
| ESXi | VMware | 7.0-update_3p (including) | 7.0-update_3p (including) |
| ESXi | VMware | 7.0-update_3q (including) | 7.0-update_3q (including) |
| ESXi | VMware | 7.0-update_3r (including) | 7.0-update_3r (including) |
| ESXi | VMware | 8.0 (including) | 8.0 (including) |
| ESXi | VMware | 8.0-a (including) | 8.0-a (including) |
| ESXi | VMware | 8.0-b (including) | 8.0-b (including) |
| ESXi | VMware | 8.0-c (including) | 8.0-c (including) |
| ESXi | VMware | 8.0-update_1 (including) | 8.0-update_1 (including) |
| ESXi | VMware | 8.0-update_1a (including) | 8.0-update_1a (including) |
| ESXi | VMware | 8.0-update_1c (including) | 8.0-update_1c (including) |
| ESXi | VMware | 8.0-update_1d (including) | 8.0-update_1d (including) |
| ESXi | VMware | 8.0-update_2 (including) | 8.0-update_2 (including) |
| ESXi | VMware | 8.0-update_2b (including) | 8.0-update_2b (including) |
| ESXi | VMware | 8.0-update_2c (including) | 8.0-update_2c (including) |
| ESXi | VMware | 8.0-update_3 (including) | 8.0-update_3 (including) |
| ESXi | VMware | 8.0-update_3b (including) | 8.0-update_3b (including) |
| ESXi | VMware | 8.0-update_3c (including) | 8.0-update_3c (including) |