N/A

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

N/A

N/A

VMware ESXi缓冲区错误漏洞

Vmware VMware ESXi是美国威睿（Vmware）公司的一套可直接安装在物理服务器上的服务器虚拟化平台。 多款 Vmware 产品中存在缓冲区错误漏洞，该漏洞源于产品的CD-ROM设备仿真功能未能正确判断内存边界。攻击者可通过该漏洞在虚拟机中执行代码。

N/A

N/A