VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045, in its Workstation, Fusion and ESXi products. VMware has addressed the vulnerability with the release of ESXi670-202111101-SG, ESXi650-202110101-SG, Workstation 16.2.0, and Fusion 12.2.0.
According to the company, the security vulnerability exists in the CD-ROM device emulation function of the above products. An attacker with access to a virtual machine that has CD-ROM device emulation enabled can chain this vulnerability with other flaws to execute code on the hypervisor from a virtual machine.
“The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability,” reads the advisory published by the company. “A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.”
The vulnerability was privately reported to VMware and received a CVSS score of 7.7.
The virtualization giant also provided a mitigation for this issue, which consists of disabling or disconnecting the CD-ROM/DVD devices on all running virtual machines. Below is the step-by-step procedure:
1) Log in to a vCenter Server system using the vSphere Web Client.
2) Right-click the virtual machine and click Edit Settings.
3) Select the CD/DVD drive and uncheck “Connected” and “Connect at power on” and remove any attached ISOs.
To list the virtual machines that have a CD-ROM/DVD device connected, admins can use PowerCLI.
The following command lists all VMs with a connected device:

Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent

To remove and disconnect an attached CD-ROM/DVD device, run the command below:

Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false

Affected products are Workstation 16.x, Fusion 12.x, ESXi 6.5, 6.7 and 7, and VMware Cloud Foundation.
The company recommends that customers apply the security updates as soon as possible.
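The PowerCLI filter above matches only drives that are connected at the moment it runs, while the manual procedure also clears “Connect at power on” and removes attached ISOs. The script below is an added example, not taken from the VMware advisory, that reports all three conditions and then applies the mitigation as a dry run by default. It assumes PowerCLI is loaded and a Connect-VIServer session already exists; the function name Get-CDDriveExposure and the $Apply switch are hypothetical.

```powershell
# Added example, not from the VMware advisory. Assumes PowerCLI is loaded and
# Connect-VIServer has already been run. Get-CDDriveExposure is a hypothetical name.
function Get-CDDriveExposure {
    Get-VM | Get-CDDrive | ForEach-Object {
        [pscustomobject]@{
            VM               = $_.Parent.Name
            PowerState       = $_.Parent.PowerState
            Drive            = $_.Name
            Connected        = $_.ConnectionState.Connected
            ConnectAtPowerOn = $_.ConnectionState.StartConnected
            IsoPath          = $_.IsoPath
            CDDrive          = $_
        }
    } | Where-Object { $_.Connected -or $_.ConnectAtPowerOn -or $_.IsoPath }
}

# Report first, so the change can be reviewed and reverted once hosts are patched.
$exposed = @(Get-CDDriveExposure)
$exposed | Sort-Object VM |
    Format-Table VM, PowerState, Drive, Connected, ConnectAtPowerOn, IsoPath -AutoSize

# Dry run by default: set $Apply = $true to make the changes.
$Apply = $false
foreach ($item in $exposed) {
    $params = @{
        CD             = $item.CDDrive
        NoMedia        = $true      # detach any ISO or host device
        StartConnected = $false     # clear "Connect at power on"
        Confirm        = $false
        WhatIf         = -not $Apply
    }
    # -Connected can only be changed while the VM is powered on.
    if ($item.PowerState -eq 'PoweredOn') { $params.Connected = $false }
    Set-CDDrive @params | Out-Null
}
```

Saving the report output before setting $Apply gives a record of which VMs had media attached, which is what is needed to restore them after the security updates are installed.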
(SecurityAffairs – hacking, VMware)