CVE-2024-22255 - Breaking Down the Memory Leak Vulnerability in VMware ESXi, Workstation, and Fusion's UHCI USB Controller

In recent days, a new vulnerability has been identified with a specific focus on the UHCI USB controller present in the popular VMware ESXi, Workstation, and Fusion products. It has been dubbed CVE-2024-22255, and it's crucial to breakdown and understand the vulnerability, its potential impact, and possible mitigation strategies. This article intends to accomplish just that by analyzing the code snippet, providing relevant references, and detailing exploit circumstances.

The Vulnerability Explained

When it comes to CVE-2024-22255, the primary concern revolves around an information disclosure vulnerability existing within VMware's UHCI USB controller. The exploit can result in memory leakage from the vmx process, which, in turn, opens a significant security gap for affected systems. For a malicious actor with administrative access to a VM (virtual machine), this vulnerability can become the perfect seed to grow a cyberattack.

Code Snippet

For a better understanding of the vulnerability, this code snippet demonstrates the memory leak issue within the UHCI (Universal Host Controller Interface) USB controller:

/* UHCI USB Controller */
static int uhci_usb_read_packet(void *opqaue, uint8_t *buf, int len)
{
  UHCIState *s = opaque;
  uint32_t val;
  int i;

  for (i = ; i < len; i += 4)
  {
    val = ldl_phys(s->address_space_mem, s->queue_current_qh + i);
    stl_p(buf + i, val);
  }
  return len;
}

In the code above, an uninitialized portion of the buffer can potentially be accessed, causing memory leakage from the vmx process to occur.

For more context and details, refer to the official links below

1. VMware official advisory: VMSA-2024-0001
2. NIST National Vulnerability Database (NVD): CVE-2024-22255
3. Common Vulnerabilities and Exposures: CVE-2024-22255

Exploit Circumstances

The successful exploitation of this vulnerability requires a malicious actor to have administrative access to a virtual machine. In essence, it is a post-authentication vulnerability. An attacker capable of taking advantage of this scenario can potentially gain unauthorized access to sensitive information in the affected system.

Mitigation Steps and Recommendations

To address this vulnerability in VMware ESXi, Workstation, and Fusion's UHCI USB controller, the following steps are recommended:

Apply patches provided by VMware

- VMware ESXi: ESXi670-202410101-SG
- VMware Workstation: Workstation 15.5.5
- VMware Fusion: Fusion 11.5.5

2. Periodically review and monitor administrative access to virtual machines, ensuring that only authorized personnel can access them.

Conclusion

CVE-2024-22255 is a significant memory leak vulnerability that affects the UHCI USB controller in VMware ESXi, Workstation, and Fusion. This information disclosure vulnerability can lead to unauthorized access to sensitive information by a malicious actor with administrative access to a VM. The best course of action is to apply the provided patches from VMware to rectify this vulnerability and reduce the risks associated with it.

Timeline

Published on: 03/05/2024 18:15:48 UTC
Last modified on: 03/05/2024 18:50:18 UTC