CVE-2023-34044

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Published: Oct 20, 2023
Updated: Oct 29, 2023
CVE: CVE-2023-34044
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
vmware / workstation	17.0.0	17.5
vmware / fusion	13.0.0	13.5

https://www.vmware.com/security/advisories/VMSA-2023-0022.html

Vulnerability Database

289,689

CVE-2023-34044