CVE-2024-22267 CRITICAL

CVE-2024-22267

Vendor Na
Product VMware Workstation
Published May 14, 2024
Last update March 14, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
March 14, 2025 Record updated