VMware has issued a patch to fix a high-risk vulnerability (CVE-2021-22045) in VMware Workstation, Fusion and ESXi.
According to the VMware security advisory VMSA-2022-0001, a heap-overflow vulnerability exists in the CD-ROM device emulation of VMware Workstation, Fusion and ESXi.
“A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine,” VMware noted in the advisory.
VMware has rated CVE-2021-22045 as “Important”, with a CVSS base score of 7.7, which falls under High severity.
The issue affects VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0), and VMware Fusion (12.2.0).
No exploits of the vulnerability were known in the wild at the time the advisory was originally posted.