Impact on "VMware Workstation", "VMware Fusion", "VMware ESXi", etc.
Security advisory "VMSA-2022-0001"
US-based VMware released the security advisory "VMSA-2022-0001" on January 4 (local time). The company's virtualization products "VMware Fusion", "VMware Workstation", "VMware ESXi", and "VMware Cloud Foundation" are affected by a vulnerability.
According to the company's advisory, the CD-ROM device emulation function of VMware products has a heap overflow vulnerability (CVE-2021-22045). When combined with other vulnerabilities, it may allow code to be executed on the hypervisor from a virtual machine, and the severity is rated "Important". The CVSS v3 base score is "7.7".
The affected products and their fix status are as follows.
If updating is difficult or a patch has not been provided, it is possible to disable or disconnect the CD-ROM device emulation function.
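To find the virtual machines that workaround applies to, the added example below (not part of the advisory or any VMware tooling) audits a VM's .vmx configuration text for CD-ROM devices that are present and whether they connect at power-on. It assumes the usual .vmx key layout (`<bus><n>:<m>.present`, `.deviceType`, `.startConnected`) and deviceType values containing "cdrom"; the sample configuration is constructed.

```python
import re

# key = "value" lines of a .vmx file; device keys look like ide1:0.deviceType
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
_DEVICE = re.compile(r'^((?:ide|sata|scsi)\d+:\d+)\.(\w+)$', re.IGNORECASE)


def parse_vmx(text):
    """Return {device: {property: value}} for disk-controller device slots."""
    devices = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue  # skip comments, blanks and malformed lines
        d = _DEVICE.match(m.group(1))
        if d:
            devices.setdefault(d.group(1).lower(), {})[d.group(2).lower()] = m.group(2)
    return devices


def cdrom_findings(text):
    """List (device, deviceType, connects_at_power_on) for present CD-ROM devices."""
    findings = []
    for dev, props in sorted(parse_vmx(text).items()):
        dtype = props.get("devicetype", "").lower()
        present = props.get("present", "FALSE").upper() == "TRUE"
        if present and "cdrom" in dtype:
            # Assumption: a missing startConnected is reported as connected (fail closed).
            connected = props.get("startconnected", "TRUE").upper() == "TRUE"
            findings.append((dev, dtype, connected))
    return findings

# Constructed sample configuration, not taken from a real VM.
SAMPLE_VMX = '''
scsi0:0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.startConnected = "TRUE"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-raw"
sata0:1.startConnected = "FALSE"
ide0:1.present = "FALSE"
ide0:1.deviceType = "atapi-cdrom"
'''

if __name__ == "__main__":
    for dev, dtype, connected in cdrom_findings(SAMPLE_VMX):
        print(f"{dev}: {dtype} connects_at_power_on={connected}")
```

Every device this reports is a candidate for removal or disconnection until the fixed version is installed; a device listed with `connects_at_power_on=False` is still present in the configuration.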