Support Content Notification - Support Portal

VMSA-2022-0001:VMware Workstation, Fusion and ESXi updates address a heap-overfLOW vulnerability

Product/Component

VMware Cloud Foundation

2 more products

Notification Id

23627

Last Updated

12 February 2022

Initial Publication Date

02 January 2022

Status

CLOSED

Severity

HIGH

CVSS Base Score

7.7

WorkAround

Affected CVE

CVE-2021-22045

Advisory ID: VMSA-2022-0001.2

CVSSv3 Range: 7.7

Issue Date:2022-01-04

Updated On: 2022-02-14

CVE(s): CVE-2021-22045

Synopsis: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

1. Impacted Products

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation

2. Introduction

A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

Description

The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.

Known Attack Vectors

A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Resolution

To remediate CVE-2021-22045 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2021-22045 have been listed in the 'Workarounds' column of the 'Response Matrix' below.

Additional Documentation

None.

Notes

Successful exploitation requires CD image to be attached to the virtual machine.

Acknowledgements

VMware would like to thank Jaanus K\xc3\xa4\xc3\xa4p, Clarified Security working with Trend Micro Zero Day Initiative for reporting this vulnerability to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
ESXi	7.0	Any	CVE-2021-22045	7.7	important	ESXi70U3c-19193900	KB87249	None
ESXi	6.7	Any	CVE-2021-22045	7.7	important	ESXi670-202111101-SG	KB87249	None
ESXi	6.5	Any	CVE-2021-22045	7.7	important	ESXi650-202110101-SG	KB87249	None
Workstation	16.x	Any	CVE-2021-22045	7.7	important	16.2.0	KB87206	None
Fusion	12.x	OS X	CVE-2021-22045	7.7	important	12.2.0	KB87207	None

Impacted Product Suites that Deploy Response Matrix Components:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Cloud Foundation (ESXi)	4.x	Any	CVE-2021-22045	7.7	important	4.4	KB87249	None
VMware Cloud Foundation (ESXi)	3.x	Any	CVE-2021-22045	7.7	important	3.11	KB87249	None

4. References

Fixed Version(s) and Release Notes:

VMware ESXi 7.0

Downloads and Documentation:

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=ESXI70U3C&productId=974&rPId=83414

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3c-release-notes.html

VMware ESXi 6.7

Downloads and Documentation:

https://customerconnect.vmware.com/patch/

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202111001.html#esxi670-202111101-sg-resolved

VMware ESXi 6.5

Downloads and Documentation:

https://customerconnect.vmware.com/patch/

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202110001.html

VMware Workstation Pro 16.2.0

Downloads and Documentation:

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-1620-WIN&productId=1038&rPId=75715

https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.0/rn/VMware-Workstation-1620-Pro-Release-Notes.html

VMware Workstation Player 16.2.0

Downloads and Documentation:

https://customerconnect.vmware.com/downloads/details?downloadGroup=WKST-PLAYER-1620&productId=1039&rPId=77292

https://docs.vmware.com/en/VMware-Workstation-Player/16.2.0/rn/VMware-Workstation-1620-Player-Release-Notes.html

VMware Fusion 12.2.0

Downloads and Documentation:

https://customerconnect.vmware.com/downloads/details?downloadGroup=FUS-1220&productId=1040&rPId=75335

https://docs.vmware.com/en/VMware-Fusion/12.2.0/rn/VMware-Fusion-1220-Release-Notes.html

VMware Cloud Foundation 4.4
Downloads and Documentation:

https://docs.vmware.com/en/VMware-Cloud-Foundation/4.4/rn/VMware-Cloud-Foundation-44-Release-Notes.html

VMware Cloud Foundation 3.11
Downloads and Documentation:

https://docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22045

FIRST CVSSv3 Calculator:
CVE-2021-22045 : https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

5. Change Log

2022-01-04 VMSA-2022-0001
Initial security advisory.

2022-01-27 VMSA-2022-0001.1
Updated security advisory to add ESXi 7.0 version in the response matrix of section 3.

2022-02-14 VMSA-2022-0001.2
Updated security advisory to add VMware Cloud Foundation 4.4 and 3.11 versions in the response matrix components of section 3.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

[email protected]

E-mail: [email protected]

PGP key at:

https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog

https://blogs.vmware.com/security

Twitter

https://twitter.com/VMwareSRC