CVE-2024-22253
PUBLISHED
On March 5, 2024, Broadcom issued a security advisory, VMSA-2024-0006, which addresses security vulnerabilities discovered in VMware ESXi, VMware Workstation Pro & Player, and VMware Fusion. An attacker with privileged access (root or administrator) to the guest OS inside a virtual machine may use these vulnerabilities to access the hypervisor.

In short, patching these products is the fastest method to resolve the issues. Depending on your environment there may be a workaround available, via removal of USB controllers from virtual machines. That may be infeasible at scale and may impact virtual machine console access. See the Q&A below for more information.

The VMware Security Advisory (VMSA) is the definitive source for information regarding affected products and versions, workarounds, and appropriate patches necessary for maintaining your organization's security. This document serves as a supplementary guide to the advisory, providing self-service information to assist you and your organization in determining an appropriate response.
EPSS 0.08% · 23.3th percentile