PT-2023-6347 · VMware · VMware Fusion
Patch1T · Published 2023-10-20 · Updated 2025-03-07 · CVE-2023-34045
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Fusion versions 13.x prior to 13.5
Description
The issue is a local privilege escalation vulnerability that occurs during the first installation of VMware Fusion or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. The vulnerability is related to errors in synchronization when using a shared resource.
Recommendations
For versions 13.x prior to 13.5, update to version 13.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the system during the installation or upgrade process to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no other information about additional mitigation measures.
Fix
Race Condition
Improper Privilege Management
Related Identifiers
Affected Products
VMware Fusion