3. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705)
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.
customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_fusion/12_0
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/16_0
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31705
docs.vmware.com/en/VMware-Fusion/12.2.5/rn/vmware-fusion-1225release-notes/index.html
docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3i-release-notes.html
docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80a-release-notes/index.html
docs.vmware.com/en/VMware-Workstation-Pro/16.2.5/rn/vmware-workstation-1625-pro-release-notes/index.html
kb.vmware.com/s/article/79712
kb.vmware.com/s/article/87617
kb.vmware.com/s/article/90336
my.vmware.com/group/vmware/patch
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L