CVE-2022-31705
Published on: Not Yet Published
Last Modified on: 12/19/2022 03:43:00 PM UTC
Certain versions of Mac Os X from Apple contain the following vulnerability:
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
- CVE-2022-31705 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.2 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | HIGH | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| CHANGED | HIGH | HIGH | HIGH |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| VMSA-2022-0033 | www.vmware.com text/html |
MISC www.vmware.com/security/advisories/VMSA-2022-0033.html |
Related QID Numbers
- 216301 VMware ESXi 7.0 Patch Release ESXi70U3si-20841705 Missing (VMSA-2022-0033)
- 216302 VMware ESXi 8.0 Patch Release ESXi80a-20842819 Missing (VMSA-2022-0033)
- 377837 VMware Workstation Heap Out-Of-Bounds Write Vulnerability (VMSA-2022-0033)
- 377839 VMware Fusion Heap Out-Of-Bounds Write Vulnerability (VMSA-2022-0033)
Exploit/POC from Github
CVE-2022-31705 (Geekpwn 2022 Vmware EHCI OOB) POC
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | - | All | All | All |
| Operating System | Vmware | Esxi | 7.0 | - | All | All |
| Operating System | Vmware | Esxi | 7.0 | beta | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1 | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1a | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1b | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1c | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1d | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_1e | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_2 | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_2a | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_2c | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_2d | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_2e | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_3c | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_3d | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_3e | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_3f | All | All |
| Operating System | Vmware | Esxi | 7.0 | update_3g | All | All |
| Operating System | Vmware | Esxi | 8.0 | - | All | All |
| Application | Vmware | Fusion | All | All | All | All |
| Application | Vmware | Workstation | All | All | All | All |
- cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*:
- cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*:
- cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*:
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @isac_kolej |
Aktualizacja VMware ESXi, Workstation i Fusion eliminują lukę w zabezpieczeniach (CVE-2022-31705) vmware.com/security/advis… | 2022-12-13 21:01:34 |
| @the_yellow_fall |
CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution securityonline.info/cve-2022-31705… #opensource #infosec #security #pentesting | 2022-12-14 01:05:41 |
| @AcooEdi |
CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution dlvr.it/SfKQFv via securityonline https://t.co/J7Rcokjl85 | 2022-12-14 01:12:34 |
| @piyokango |
VMSA-2022-0033 (CVE-2022-31705) vmware.com/security/advis… | 2022-12-14 01:26:57 |
| @ohhara_shiojiri |
"The VM escape flaw, documented as CVE-2022-31705, was exploited by Ant Security researcher Yuhao Jiang on systems… twitter.com/i/web/status/1… | 2022-12-14 02:08:02 |
| @FilipiPires |
CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution ift.tt/jzgdeJY #security #opensource… twitter.com/i/web/status/1… | 2022-12-14 02:38:49 |
| @omokazuki |
SIOSセキュリティブログを更新しました。 VMWareにCriticalの脆弱性(CVE-2022-31702, CVE-2022-31703, CVE-2022-31705)を追記しました。 #cve #sios_tech… twitter.com/i/web/status/1… | 2022-12-14 02:50:44 |
| @sidfm_jp |
VMware ESXi の USB 2.0 コントローラの処理に VMX プロセスの権限で任意のコードを実行される問題 (CVE-2022-31705 [44401] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-12-14 05:00:03 |
| @notegone |
docs.vmware.com/en/VMware-Work… VMware Workstation 16.2.5 was also released, fixing CVE-2022-31705 / download3.vmware.com/software/WKST-… download | 2022-12-14 06:17:23 |
| @certbe |
Warning: @VMware issued patches to fix 3 vulnerabilities (CVE-2022-31702, CVE-2022-31703, CVE-2022-31705) in VMwar… twitter.com/i/web/status/1… | 2022-12-14 15:07:45 |
| @lucianot54 |
"CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution" via Penetration Testing ift.tt/aYSIGt9 | 2022-12-14 15:22:01 |
| @Komodosec |
#Vulnerability #CVE202231700 CVE-2022-31705: VMware ESXi, Workstation, and Fusion code execution securityonline.info/cve-2022-31705… | 2022-12-14 17:50:03 |
| @SalgueiroMiguel |
Las vulnerabilidades críticas: • CVE-2022-31705 (CVSS 3.1: 9.3, crítico): vulnerabilidad de escritura fuera de los… twitter.com/i/web/status/1… | 2022-12-14 18:29:03 |
| @SalgueiroMiguel |
• CVE-2022-31705: Vmware Workstation 16.x-17.x, Vmware ESXI 7.0-8.0 y Vmware Fusion 12.x-13.x • CVE-2022-31702: VMw… twitter.com/i/web/status/1… | 2022-12-14 18:29:05 |
| @CVEreport |
CVE-2022-31705 : VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2… twitter.com/i/web/status/1… | 2022-12-14 19:08:03 |
| @CSIRT_Telconet |
Vulnerabilidad en VMware CVE-2022-31705 Afectó a los siguientes productos: VMware ESXi VMware Fusion Pro / Fusion (… twitter.com/i/web/status/1… | 2022-12-14 20:14:31 |
 /r/vmware |
CVE-2022-31705 | 2022-12-14 15:53:09 |
| /r/netcve |
CVE-2022-31705 | 2022-12-14 19:47:59 |
| /r/vmware |
CVE-2022-31705 vulnerability question, how does it exploit the esxi hosts? | 2022-12-15 13:47:00 |