VMware has released a security update to address a vulnerability found in VMware Workstation and Fusion products. The security update addresses an out-of-bounds read vulnerability identified as CVE-2024-22251.

Affected Systems

• VMware Fusion

• VMware Workstation Pro / Player

Security Risks

Successful exploitation of the vulnerability may lead to unauthorized information disclosure on the affected system.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow VMware security advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible. The released software versions to upgrade to are as follows:

• VMware Workstation Pro / Player Version 17.5.1: For windows, Linux.

• VMware Fusion Version 13.5.1: for macOS

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://www.vmware.com/security/advisories/VMSA-2024-0005.html

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22251