Pierluigi Paganini April 25, 2023

VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors.

VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors.

The STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF to hack the VMWare Workstation virtualization software. They earned $80,000 and 8 Master of Pwn points. 

The vulnerability CVE-2023-20869 is a stack-based buffer-overflow issue that resides in Bluetooth device-sharing functionality. A local attacker can exploit the flaw to execute code as the virtual machine’s VMX process running on the host.

The flaw CVE-2023-20870 is an information disclosure issue in the functionality for sharing host Bluetooth devices with the VM. An attacker can exploit the vulnerability to read privileged information contained in hypervisor memory from a VM.

The virtualization giant recommends as a workaround for both CVE-2023-20869 and CVE-2023-20870 to turn off the Bluetooth support on the virtual machine.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, VMware)