Lucene search
Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STAR Labs SG Pte. Ltd.ZDI-23-521HistoryMay 01, 2023 - 12:00 a.m.
(Pwn2Own) VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability
2023-05-0100:00:00
Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STAR Labs SG Pte. Ltd.
www.zerodayinitiative.com
18
vmware
workstation
uhci
component
uninitialized
variable
information
disclosure
vulnerability
local attackers
sensitive information
high-privileged code
memory initialization
arbitrary code
hypervisor
EPSS
0.001
Percentile
41.9%
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UHCI component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor.
Related
nvd
nvd
CVE-2023-20870
2023-04-25 22:15:09
cvelist
cvelist
CVE-2023-20870
2023-04-25 00:00:00
prion
prion
Out-of-bounds
2023-04-25 22:15:00
cve
cve
CVE-2023-20870
2023-04-25 22:15:09
kaspersky
kaspersky
KLA49049 Multiple vulnerabilities in VMware Workstation
2023-04-25 00:00:00
malwarebytes
malwarebytes
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
2023-04-28 00:45:00
vmware
vmware
nessus
nessus
VMware Fusion 13.0.x < 13.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
VMware Workstation 17.0.x < 17.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
thn
thn
VMware Releases Critical Patches for Workstation and Fusion Software
2023-04-26 07:05:00