The first and most serious of these was CVE-2024-22267, a critical use-after-free vulnerability... an unauthorized actor with access to a VM with 3D graphics enabled the ability to force the target system into a denial of service (DoS) condition.
VMware disclosed another high-severity vulnerability, CVE-2024-22269, an information disclosure flaw in the Bluetooth device that could allow an attacker with admin privileges on a VM to read sensitive information contained in the hypervisor memory.