PT-2023-2452 · Vmware · Vmware Fusion+1

Published: 2023-04-25 · Updated: 2026-02-27 · CVE-2023-20869

CVSS v3.1: 8.2 (High), AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware Workstation versions 17.x
VMware Fusion versions 13.x

Description

The issue is related to a stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability may allow an attacker to execute arbitrary code. The estimated number of potentially affected devices is not specified. Real-world incidents where this issue was exploited include a demonstration at Pwn2Own 2023 in Vancouver, showcasing a Host-to-Guest escape vulnerability in the VMware Workstation VBluetooth device.

Recommendations

For VMware Workstation version 17.x, update the software to a version that contains a fix for this issue. For VMware Fusion version 13.x, update the software to a version that contains a fix for this issue. As a temporary workaround, consider disabling the functionality for sharing host Bluetooth devices with the virtual machine until a patch is available.

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-02242
CVE-2023-20869
ZDI-23-522

Affected Products

Vmware Fusion
Vmware Workstation