PT-2022-1601 · Vmware · Vmware Fusion+3

Wei · Published 2022-02-13 · Updated 2022-02-24 · CVE-2021-22040

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

VMware ESXi (affected versions not specified)
VMware Workstation (affected versions not specified)
VMware Fusion (affected versions not specified)
VMware Cloud Foundation (affected versions not specified)

Description

A use-after-free vulnerability exists in the XHCI USB controller of the affected software. This issue can be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

Recommendations

For VMware ESXi, update to a version that includes the fix for this issue.
For VMware Workstation, update to a version that includes the fix for this issue.
For VMware Fusion, update to a version that includes the fix for this issue.
For VMware Cloud Foundation, update to a version that includes the fix for this issue.

As a temporary workaround, consider disabling the XHCI USB controller until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2022-00820
CVE-2021-22040

Affected Products

Vmware Cloud Foundation
Vmware Esxi
Vmware Fusion
Vmware Workstation