VMware fixes critical zero-day Workstation/Player/Fusion exploit revealed at Pwn2Own
Posted by jpluimers on 2023/04/26
A less clickbaity title than most articles today, as the below only applies to the VMware hypervisors running on macOS and Windows.
The last Zero Day Initiative Pwn2Own contest revealed two major issues that allow a virtual machine to either execute code or read hypervisor memory on the VMware Workstation/Player/Fusion host:
- [Wayback/Archive] NVD – CVE-2023-20869
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
- [Wayback/Archive] NVD – CVE-2023-20870
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Both issues have been fixed now, so be sure to deploy the fixes or, if you can’t, apply the workarounds.
Links:
- [Wayback/Archive] VMware Workstation (17.x) and VMware Fusion (13.x)… · CVE-2023-20869 · GitHub Advisory Database
- [Wayback/Archive] VMware fixes critical zero-day exploit chain used at Pwn2Own (which mentions the fixes actually solve more problems than the above two CVEs)
- [Wayback/Archive] Update – VMware Workstation Pro 17.0.2 | VMware Workstation Player 17.0.2 | MalwareTips Forums (the oldest report I could find)
- [Wayback/Archive] Zero Day Initiative — Pwn2Own Vancouver 2023 – Day Three Results
- Mitigation upgrades via [Wayback/Archive] VMSA-2023-0008
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)
- Temporary alternatives from [Wayback/Archive] Workaround Instructions for CVE-2023-20869 and CVE-2023-20870 (91760):
  - [Wayback/Archive] Configuring USB Controller Settings (VMware Workstation Pro Product Documentation)
  - [Wayback/Archive] Configuring USB Controller Settings (VMware Workstation Player for Windows Product Documentation)
  - [Wayback/Archive] Sharing Bluetooth Devices with a Virtual Machine (VMware Fusion Product Documentation)
Query: [Wayback/Archive] “CVE-2023-20869” “Zero day” – Google Search
–jeroen