CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

History

14 Mar 2025, 15:15

Type Values Removed Values Added
First Time Vmware workstation
Apple
Apple macos
Vmware fusion
Vmware
CPE cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
CWE CWE-416
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - Vendor Advisory

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 -

14 May 2024, 19:18

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-03-14 15:15


NVD link : CVE-2024-22267

Mitre link : CVE-2024-22267

CVE.ORG link : CVE-2024-22267


JSON object : View

Products Affected

vmware

  • fusion
  • workstation

apple

  • macos
CWE
CWE-416

Use After Free