VMSA-2023-0022:VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities

VMware Tanzu Application Service

0 more products

23676

17 October 2023

18 October 2023

CLOSED

HIGH

6.6-7.1

CVE-2023-34044,CVE-2023-34045,CVE-2023-34046

VMSA-2023-0022
6.6-7.1
2023-10-19
2023-10-19 (Initial Advisory)
CVE-2023-34044, CVE-2023-34045, CVE-2023-34046
VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)
1. Impacted Products
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion
2. Introduction

Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.

3a. Information disclosure vulnerability in bluetooth device-sharing functionality (CVE-2023-34044)

Description

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Resolution

To remediate CVE-2023-34044 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

Additional Documentation

None

Notes

This issue exists because Workstation 17.0.2 and Fusion 13.0.2, released on April 25, 2023 did not address CVE-2023-20870 completely.

Acknowledgements

VMware would like to thank Gwangun Jung (@pr0Ln) at THEORI working with Trend Micro Zero Day Initiative for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Workstation
17.x
Any
CVE-2023-34044
important
17.5
None
Fusion
13.x
OS X
CVE-2023-34044
important
13.5
None
3b. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2023-34046)

Description

VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors

A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Resolution

To remediate CVE-2023-34046 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None

Additional Documentation

None

Notes

This will not occur if the user follows the usual process of double-clicking the application in the '.dmg' volume when running the installer for the first time.

 

Acknowledgements

VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Fusion
13.x
OS X
CVE-2023-34046
moderate
13.5
None
None
3c. VMware Fusion installer local privilege escalation (CVE-2023-34045)

Description

VMware Fusion contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.

Known Attack Vectors

A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Resolution

To remediate CVE-2023-34045 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None

Additional Documentation

None

Notes

This will not occur if the user follows the usual process of double-clicking the application in the '.dmg' volume when running the installer for the first time.

 

Acknowledgements

VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Fusion
13.x
OS X
CVE-2023-34045
moderate
13.5
None
None
4. References
5. Change Log

2023-10-19 VMSA-2023-0022
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

[email protected]  

[email protected]  

[email protected] 

 

E-mail: [email protected]

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2023 VMware Inc. All rights reserved.