=====================================================================

                           CERT-Renater

                 Note d'Information No. 2022/VULN002
_____________________________________________________________________

DATE                : 06/01/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
_____________________________________________________________________

Important
Advisory ID: VMSA-2022-0001
CVSSv3 Range: 7.7
Issue Date: 2022-01-04
Updated On: 2022-01-04 (Initial Advisory)
CVE(s): CVE-2021-22045
Synopsis: VMware Workstation, Fusion and ESXi updates address a
heap-overflow vulnerability (CVE-2021-22045)
1. Impacted Products
•	VMware ESXi
•	VMware Workstation
•	VMware Fusion
•	VMware Cloud Foundation
2. Introduction
A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was
privately reported to VMware. Updates are available to remediate this
vulnerability in affected VMware products.
3. VMware Workstation, Fusion and ESXi updates address a heap-overflow
vulnerability (CVE-2021-22045)
Description
The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a
heap-overflow vulnerability. VMware has evaluated the severity of this
issue to be in the Important severity range with a maximum CVSSv3 base
score of 7.7.
Known Attack Vectors
A malicious actor with access to a virtual machine with CD-ROM device
emulation may be able to exploit this vulnerability in conjunction with
other issues to execute code on the hypervisor from a virtual machine.
Resolution
To remediate CVE-2021-22045 apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.
Workarounds
Workarounds for CVE-2021-22045 have been listed in the 'Workarounds'
column of the 'Response Matrix' below.
Additional Documentation
None.
Notes
Successful exploitation requires CD image to be attached to the virtual
machine.
Acknowledgements
VMware would like to thank Jaanus K\xc3\xa4\xc3\xa4p, Clarified Security
working with Trend Micro Zero Day Initiative for reporting this
vulnerability to us.
Response Matrix
Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed
Version	Workarounds	Additional Documentation
ESXi 	7.0	Any	CVE-2021-22045 	7.7
important	Patch Pending	KB87249
None
ESXi 	6.7	Any	CVE-2021-22045 	7.7	important	ESXi670-202111101-SG	KB87249
None
ESXi 	6.5	Any	CVE-2021-22045 	7.7
important	ESXi650-202110101-SG	KB87249
None
Workstation 	16.x	Any	CVE-2021-22045 	7.7
important	16.2.0	KB87206
None
Fusion 	12.x	OS X	CVE-2021-22045	7.7
important	12.2.0	KB87207
None
Impacted Product Suites that Deploy Response Matrix Components:
Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed
Version	Workarounds	Additional Documentation
VMware Cloud Foundation (ESXi) 	4.x	Any	CVE-2021-22045 	7.7
important	Patch Pending	KB87249
None
VMware Cloud Foundation (ESXi) 	3.x	Any	CVE-2021-22045 	7.7
important	Patch Pending	KB87249
None
4. References
Fixed Version(s) and Release Notes:

VMware ESXi 6.7
Downloads and Documentation:
https://customerconnect.vmware.com/patch/
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202111001.html#esxi670-202111101-sg-resolved

VMware ESXi 6.5
Downloads and Documentation:
https://customerconnect.vmware.com/patch/
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202110001.html

VMware Workstation 16.2.0
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-1620-WIN&productId=1038&rPId=75715
https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.0/rn/VMware-Workstation-1620-Pro-Release-Notes.html

VMware Fusion 12.2.0
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=FUS-1220&productId=1040&rPId=75335
https://docs.vmware.com/en/VMware-Fusion/12.2.0/rn/VMware-Fusion-1220-Release-Notes.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22045

FIRST CVSSv3 Calculator:
CVE-2021-22045 :
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
5. Change Log
2022-01-04 VMSA-2022-0001
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC


Copyright 2022 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================