How severe is CVE-2024-22252?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-22252?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-22252 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Related Vulnerabilities

CVE-2016-7154

MEDIUM

CVSS:6.7(Medium)

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain se...

CWE-4162016

CVE-2018-9517

MEDIUM

CVSS:6.7(Medium)

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...

CWE-4162018

CVE-2019-19769

MEDIUM

CVSS:6.7(Medium)

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

CWE-4162019

CVE-2019-8528

MEDIUM

CVSS:6.7(Medium)

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, i...

CWE-4162019

CVE-2019-9259

MEDIUM

CVSS:6.7(Medium)

In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n...

CWE-4162019

CVE-2019-9273

MEDIUM

CVSS:6.7(Medium)

In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution pri...

CWE-4162019