漏洞描述
该漏洞存在于VMware ESXi和Workstation产品中的VMCI(Virtual Machine Communication Interface)组件的堆内存处理机制中。当系统处理特定的VMCI请求时,由于缺乏适当的边界检查,可能导致堆内存溢出。攻击者需要具有虚拟机的本地管理员权限才能利用此漏洞。该漏洞的根本原因是VMCI组件在处理内存分配时未能正确验证输入数据的大小。
VMware ESXi/Workstation VMCI堆溢出漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-21973: VMware vSphere - Server-Side Request Forgery
- POC CVE-2021-21978: VMware View Planner <4.6 SP1- Remote Code Execution
- POC CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-31656: VMware - Local File Inclusion
- POC CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
- POC CVE-2023-20887: VMware VRealize Network Insight - Remote Code Execution
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability