VMware Plugs Security Holes in Workstation, Fusion and ESXi


Tracked as CVE-2021-22045 (CVSS score of 7.7), the security vulnerability exists in the CD-ROM device emulation function of Workstation, Fusion and ESXi.

In an advisory, VMWare said the security defect could be exploited by attackers with access to a virtual machine that has CD-ROM device emulation enabled.

An attacker capable of combining the security error with additional flaws could eventually achieve code execution on the hypervisor from the virtual machine.

Disabling or disconnecting the CD-ROM/DVD devices on all running virtual machines should prevent potentially exploitation.