CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution

VMware this week shipped security updates for its Workstation, Fusion, and ESXi product lines, warning that a heap out-of-bounds write vulnerability could expose users to code execution attacks.

Tracked as CVE-2022-31705 (CVSS score of 9.3), the security vulnerability exists in the USB 2.0 controller (EHCI) function of Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to execute arbitrary code on the system. the organizers of GeekPwn 2022 and the security researcher Yuhao Jiang were credited with reporting the bug.

“A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed,” VMWare said in its advisory.

CVE-2022-31705 affects ESXi 7.0, and 8.0 versions, Fusion 12.x, and Workstation 16.x. VMware Cloud Foundation (ESXi) 4.x and 3.x are affected as well.

VMware has addressed the bug with the release of ESXi80a-20842819, ESXi70U3si-20841705, Workstation 16.2.5, and Fusion 12.2.5. Customers are advised to apply the fixes as soon as possible.

Today, VMware also has fixed two security vulnerabilities in VMware Workspace ONE Access and Identity Manager:

• CVE-2022-31700 (CVSS score: 7.2): Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager
• CVE-2022-31701 (CVSS score: 5.3): Broken Authentication Vulnerability in VMware Workspace ONE Access and Identity Manager