VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products


Level 37
Thread author
Top Poster
Feb 4, 2016
VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition.

As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows –

  • CVE-2021-22040 (CVSS score: 8.4) - Use-after-free vulnerability in XHCI USB controller
  • CVE-2021-22041 (CVSS score: 8.4) - Double-fetch vulnerability in UHCI USB controller
  • CVE-2021-22042 (CVSS score: 8.2) - ESXi settingsd unauthorized access vulnerability
  • CVE-2021-22043 (CVSS score: 8.2) - ESXi settingsd TOCTOU vulnerability
  • CVE-2021-22050 (CVSS score: 5.3) - ESXi slow HTTP POST denial-of-service vulnerability
  • CVE-2022-22945 (CVSS score: 8.8) - CLI shell injection vulnerability in the NSX Edge appliance component
Successful exploitation of the flaws could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. It could also allow the adversary with access to settingsd to escalate their privileges by writing arbitrary files.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.