// For flags

CVE-2023-34044

Information disclosure vulnerability in bluetooth device-sharing functionality

Severity Score

6.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds
read vulnerability that exists in the functionality for sharing host
Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual
machine may be able to read privileged information contained in
hypervisor memory from a virtual machine.

VMware Workstation (17.x anterior a 17.5) y Fusion (13.x anterior a 13.5) contienen una vulnerabilidad de lectura fuera de límites que existe en la funcionalidad para compartir dispositivos Bluetooth host con la máquina virtual. Un actor malintencionado con privilegios administrativos locales en una máquina virtual puede leer información privilegiada contenida en la memoria del hipervisor desde una máquina virtual.

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the UHCI component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor.

*Credits: Gwangun Jung (@pr0Ln) at THEORI
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-05-25 CVE Reserved
  • 2023-10-20 CVE Published
  • 2023-11-09 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.vmware.com/security/advisories/VMSA-2023-0022.html 2023-10-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Fusion
Search vendor "Vmware" for product "Fusion"
 >= 13.0.0 < 13.5
Search vendor "Vmware" for product "Fusion" and version " >= 13.0.0 < 13.5"
-
Affected
in Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Vmware
Search vendor "Vmware"
 Workstation
Search vendor "Vmware" for product "Workstation"
 >= 17.0.0 < 17.5
Search vendor "Vmware" for product "Workstation" and version " >= 17.0.0 < 17.5"
-
Affected