VMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contest

VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest.

VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion.

Below is the list published by the virtualization giant:

• CVE-2021-22040 – VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
• CVE-2021-22041 – VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
• CVE-2021-22042 – VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
• CVE-2021-22043 – VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

VMware also reported that the white hat hackers that discovered the flaws first reported them to the Chinese Government in accordance with a local law that orders researchers who discover a zero-day to share their findings with the government authorities.

“These issues were discovered as part of the Tianfu Cup, a Chinese security event that VMware participates in. These vulnerabilities were reported to the Chinese government by the researchers that discovered them, in accordance with their laws,” VMware revealed. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, VMware)

[adrotate banner=”5″]

[adrotate banner=”13″]