VMware is issuing patches for its ESXi, Workstation and Fusion products to fix a pair of flaws that, if exploited, could each allow attackers with local administrative privileges on virtual machines to execute code as the virtual machine’s VMX process running on the host.
The use-after-free flaws (CVE-2024-22252 and CVE-2024-22253) are two of four vulnerabilities disclosed by VMware Tuesday after they were discovered during the 2023 Tianfu Cup Pwn Contest. VMware said it…