VMware Releases Critical Patches for Workstation and Fusion Software


VMware has released updates that fix multiple security vulnerabilities in its Workstation and Fusion software, the most serious of which could allow a local attacker to execute code. That vulnerability, identified as CVE-2023-20869, is a stack-based buffer overflow in the functionality for sharing host Bluetooth devices with the virtual machine.

The company stated that a malicious actor with local administrative rights on a virtual machine may take advantage of this flaw to execute code as the virtual machine’s VMX process running on the host. VMware has also patched an out-of-bounds read vulnerability in the same functionality, which a local adversary with admin capabilities might exploit to read private data from a virtual machine’s hypervisor memory.
