===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.0042
  VMSA-2022-0001 - VMware Workstation, Fusion and ESXi updates address a
                heap-overflow vulnerability (CVE-2021-22045)
                               5 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware ESXi
                   VMware Workstation
                   VMware Fusion
                   VMware Cloud Foundation
Publisher:         VMware
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
                   VMware ESX Server
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-22045

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2022-0001.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID:  VMSA-2022-0001
CVSSv3 Range: 7.7
Issue Date:   2022-01-04
Updated On:   2022-01-04 (Initial Advisory)
CVE(s):       CVE-2021-22045
Synopsis:     VMware Workstation, Fusion and ESXi updates address a
              heap-overflow vulnerability (CVE-2021-22045)

1. Impacted Products

  o VMware ESXi
  o VMware Workstation
  o VMware Fusion
  o VMware Cloud Foundation

2. Introduction

A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was
privately reported to VMware. Updates are available to remediate this
vulnerability in affected VMware products.

3. VMware Workstation, Fusion and ESXi updates address a heap-overflow
   vulnerability (CVE-2021-22045)

Description

The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a
heap-overflow vulnerability. VMware has evaluated the severity of this issue
to be in the Important severity range with a maximum CVSSv3 base score of
7.7.

Known Attack Vectors

A malicious actor with access to a virtual machine with CD-ROM device
emulation may be able to exploit this vulnerability in conjunction with
other issues to execute code on the hypervisor from a virtual machine.

Resolution

To remediate CVE-2021-22045 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2021-22045 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Notes

Successful exploitation requires a CD image to be attached to the virtual
machine.

Acknowledgements

VMware would like to thank Jaanus Kääp, Clarified Security working with
Trend Micro Zero Day Initiative for reporting this vulnerability to us.

Response Matrix

Product      Version  Running  CVE Identifier  CVSSv3  Severity   Fixed Version         Workarounds  Additional
                      On                                                                              Documentation
ESXi         7.0      Any      CVE-2021-22045  7.7     important  Patch Pending         KB87249      None
ESXi         6.7      Any      CVE-2021-22045  7.7     important  ESXi670-202111101-SG  KB87249      None
ESXi         6.5      Any      CVE-2021-22045  7.7     important  ESXi650-202110101-SG  KB87249      None
Workstation  16.x     Any      CVE-2021-22045  7.7     important  16.2.0                KB87206      None
Fusion       12.x     OS X     CVE-2021-22045  7.7     important  12.2.0                KB87207      None

Impacted Product Suites that Deploy Response Matrix Components:

Product                  Version  Running  CVE Identifier  CVSSv3  Severity   Fixed Version         Workarounds  Additional
                                  On                                                                              Documentation
VMware Cloud Foundation  4.x      Any      CVE-2021-22045  7.7     important  Patch Pending (ESXi)  KB87249      None
VMware Cloud Foundation  3.x      Any      CVE-2021-22045  7.7     important  Patch Pending (ESXi)  KB87249      None
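The Notes section above states that exploitation requires a CD image to be attached to the virtual machine, so an inventory of VMs with ISO-backed CD/DVD drives tells a defender where that precondition currently holds. The following PowerCLI script is an added example, not part of VMware's or AusCERT's advisory; it assumes the VMware PowerCLI module is installed, that Connect-VIServer has already been run against vCenter, and the -Remediate switch is this example's own name.

```powershell
# Added example (not from the VMSA-2022-0001 advisory): list VMs whose CD/DVD
# drive is backed by a datastore ISO, i.e. VMs that meet the "CD image attached"
# precondition for CVE-2021-22045, and optionally detach the media as an interim
# measure until the fixed builds in the Response Matrix are installed.
# Assumes: VMware PowerCLI is installed and Connect-VIServer has been run.
param(
    [switch]$Remediate   # without this switch the script only reports
)

$findings = foreach ($vm in Get-VM) {
    foreach ($drive in Get-CDDrive -VM $vm) {
        # IsoPath is populated only when the drive is backed by an ISO file;
        # client-device and host-device drives leave it empty.
        if (-not [string]::IsNullOrEmpty($drive.IsoPath)) {
            [pscustomobject]@{
                VM        = $vm.Name
                Host      = $vm.VMHost.Name
                HostBuild = $vm.VMHost.Build   # compare against the patched build
                Drive     = $drive.Name
                IsoPath   = $drive.IsoPath
                Connected = $drive.ConnectionState.Connected
            }
        }
    }
}

if (-not $findings) {
    Write-Host "No VMs with an attached CD image found."
    return
}

$findings | Sort-Object VM | Format-Table -AutoSize

if ($Remediate) {
    foreach ($f in $findings) {
        $drive = Get-VM -Name $f.VM | Get-CDDrive | Where-Object { $_.Name -eq $f.Drive }
        # Disconnect the drive and clear the ISO backing: the same effect as
        # editing the VM's CD/DVD device to "Client Device" with no media.
        Set-CDDrive -CD $drive -NoMedia -Connected:$false -Confirm:$false | Out-Null
        Write-Host ("Detached {0} from {1} ({2})" -f $f.IsoPath, $f.VM, $f.Drive)
    }
}
```

Run it without -Remediate first to review the list; detaching media is a workaround only, and the Response Matrix fixed versions remain the remediation.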
4. References

Fixed Version(s) and Release Notes:

VMware ESXi 6.7 Downloads and Documentation:
https://customerconnect.vmware.com/patch/
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202111001.html#esxi670-202111101-sg-resolved

VMware ESXi 6.5 Downloads and Documentation:
https://customerconnect.vmware.com/patch/
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202110001.html

VMware Workstation 16.2.0 Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-1620-WIN&productId=1038&rPId=75715
https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.0/rn/VMware-Workstation-1620-Pro-Release-Notes.html

VMware Fusion 12.2.0 Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=FUS-1220&productId=1040&rPId=75335
https://docs.vmware.com/en/VMware-Fusion/12.2.0/rn/VMware-Fusion-1220-Release-Notes.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22045

FIRST CVSSv3 Calculator:
CVE-2021-22045 : https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

5. Change Log

2022-01-04 VMSA-2022-0001 Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.