VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on the Workstation and Fusion software hypervisors. Four recently discovered security vulnerabilities affect VMware Workstation and Fusion; two of them are zero-days discovered during the Pwn2Own 2023 contest in Vancouver.
CVE-2023-20869: Stack-Based Buffer-Overflow Vulnerability in Bluetooth Device-Sharing
VMware Workstation and Fusion contain a critical stack-based buffer-overflow vulnerability, with a CVSSv3 base score of 9.3, in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with local administrative privileges on a virtual machine can exploit the CVE-2023-20869 vulnerability to execute code as the VMX process running on the host. This issue is fixed in Workstation 17.0.2 and Fusion 13.0.2.
CVE-2023-20870: Information Disclosure Vulnerability in Bluetooth Device-Sharing Functionality
An out-of-bounds read vulnerability with a CVSSv3 base score of 7.1 exists in the Bluetooth device-sharing functionality of VMware Workstation and Fusion. An attacker with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. This vulnerability is fixed in Workstation 17.0.2 and Fusion 13.0.2.
CVE-2023-20871: VMware Fusion Raw Disk Local Privilege Escalation Vulnerability
VMware Fusion contains a local privilege escalation vulnerability with a CVSSv3 base score of 7.3. An attacker with read/write access to the host operating system can exploit this vulnerability to gain root access to the host operating system. This issue is fixed in Fusion 13.0.2.
CVE-2023-20872: Out-of-Bounds Read/Write Vulnerability in SCSI CD/DVD Device Emulation
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability with a CVSSv3 base score of 7.7 in SCSI CD/DVD device emulation. An attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller can exploit this vulnerability to execute code on the hypervisor from a virtual machine. This vulnerability is fixed in Workstation 17.0.1 and Fusion 13.0.1.
To mitigate the risks associated with these vulnerabilities, it is highly recommended that users update their VMware Workstation and Fusion installations to the latest fixed versions: Workstation 17.0.2, Fusion 13.0
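A version triage for the fixes listed above, as an added example that is not VMware's code: it maps an installed Workstation or Fusion version to the CVEs from this page that remain unpatched. The inventory rows and build numbers are constructed, and treating other major release lines as undetermined is an assumption, since the page gives no affected-version ranges.

```python
import re

# Fixed versions exactly as stated in the text above.
FIXED = {
    "workstation": {
        "CVE-2023-20869": (17, 0, 2),
        "CVE-2023-20870": (17, 0, 2),
        "CVE-2023-20872": (17, 0, 1),
    },
    "fusion": {
        "CVE-2023-20869": (13, 0, 2),
        "CVE-2023-20870": (13, 0, 2),
        "CVE-2023-20871": (13, 0, 2),
        "CVE-2023-20872": (13, 0, 1),
    },
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Extract (major, minor, patch) from strings like '17.0.1 build-1234'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def unpatched_cves(product, version_text):
    """Return the sorted CVEs still open for this install, or None when the
    install is on a different major line than the fixes (undetermined)."""
    version = parse_version(version_text)
    fixes = FIXED[product.lower()]
    # Assumption: only the major release line named in the fixes is comparable.
    if any(version[0] != fixed[0] for fixed in fixes.values()):
        return None
    return sorted(cve for cve, fixed in fixes.items() if version < fixed)

def triage(inventory):
    """Map each (host, product, version) row to its open CVEs."""
    return {host: unpatched_cves(prod, ver) for host, prod, ver in inventory}

# Constructed inventory: host names and build numbers are made up.
SAMPLE = [
    ("dev-01", "Workstation", "17.0.0 build-1111111"),
    ("dev-02", "Workstation", "17.0.1 build-2222222"),
    ("mac-01", "Fusion", "13.0.2"),
    ("old-01", "Workstation", "16.2.5"),
]

if __name__ == "__main__":
    for host, open_cves in triage(SAMPLE).items():
        print(host, "undetermined" if open_cves is None else open_cves or "patched")
```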