Heap-overflow Vulnerability Affects Multiple VMware Products

A heap overflow vulnerability has been detected recently in multiple VMware products, that has been tracked as CVE-2021-22045

The VMware products that are affected by this heap overflow vulnerability are:-

  • VMware ESXi
  • VMware Workstation
  • VMware Fusion
  • VMware Cloud Foundation

However, VMware has already addressed this security flaw with the release of:-

  • ESXi670-202111101-SG
  • ESXi650-202110101-SG
  • Workstation 16.2.0
  • Fusion 12.2.0

Flaw profile

  • CVE ID: CVE-2021-22045
  • Advisory ID: VMSA-2022-0001
  • CVSSv3 Range: 7.7
  • Issue Date: 2022-01-04
  • Updated On: 2022-01-04 (Initial Advisory)
  • Synopsis: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

In VMware Workstation, Fusion and ESXi CD-ROM device emulation this heap-overflow vulnerability has been detected. So, here at this point, an attacker who have access to a virtual machine with CD-ROM device emulation could exploit this security flaw and on the hypervisor execute arbitrary code.

However, the virtualization giant VMware has provided mitigation for this security flaw, and here they are mentioned step-by-step:-

  • First of all, using the vSphere Web Client log in to a vCenter Server system.
  • Then you have to right-click the virtual machine and click Edit Settings.
  • Now, select the CD/DVD drive.
  • After that, uncheck the “Connected” and “Connect at power on.”
  • Now you have to remove the ISOs that are attached.

Here we have mentioned the commands used in Powercli to get the list of virtual machines that have a CD-ROM/DVD connected, and also mentioned the command to remove and disconnect an attached CD-ROM/DVD device.

For getting the list of virtual machines:-

  • Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent

To remove an attached CD-ROM/DVD device:-

  • Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false

Apart from this, the firm has affirmed that once the upgrade is complete that is recommended there is no requirement to implement the workaround provided.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.