"VMware Fixed Critical VM Escape Bug Demonstrated at GeekPwn Hacking Contest"

VMware patched three vulnerabilities across several products, including a virtual machine escape flaw that was exploited at the GeekPwn 2022 hacking competition and is tracked as CVE-2022-31705. Yuhao Jiang, an Ant Security researcher, demonstrated a working exploit for the vulnerability during the competition, which was hosted by the Tencent Keen Security Lab. The flaw is a heap out-of-bounds write vulnerability in the USB 2.0 controller, the Enhanced Host Controller Interface (EHCI), with a CVSSv3 base score of 9.3. A malicious actor with local administrative privileges on a virtual machine could exploit this flaw to execute code as the virtual machine's VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it may result in code execution on the machine where they are installed. The company also addressed command injection and directory traversal flaws affecting the VMware vRealize Network Insight (vRNI) solution, tracked as CVE-2022-31702 and CVE-2022-31703, respectively. This article continues to discuss the flaws recently fixed by VMware.

Security Affairs reports "VMware Fixed Critical VM Escape Bug Demonstrated at GeekPwn Hacking Contest"
