Update March 5, 2024
Today, VMware has released the following new security advisory:
VMSA-2024-0006 – VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
The advisory documents the remediation of the Critical and Important severity vulnerabilities demonstrated at the Tianfu Cup hacking contest. Customers should review the security advisory and direct any questions to VMware Support.
Update October 31, 2023
All attempts on our products in the 2023 Tianfu Cup contest are over. There will not be any further attempts on the 2nd day of the event. Two teams, Ant Lab and CyberAgent, have been successful with their attempts on ESXi and Workstation.
We are currently investigating the issues after having received the details. We are actively working on the remediation and plan to publish a VMware Security Advisory to provide information on updates for affected products.
We want to thank the organizers of the Tianfu Cup for allowing us to participate remotely and for working with us to address these issues.
Original post:
Greetings from the VMware Security Response Center!
We are happy to announce that VMware will be returning to the Tianfu Cup hacking contest
hosted on October 31 and November 1, in Chengdu, China. VMware will have the opportunity to
attend and to validate any demonstrations of a VMescape.
Like earlier editions of the event, two VMware hypervisors, VMware ESXi – Type 1 and
VMware Workstation – Type 2, are targets in the virtualization category with prize money of
$180,000 and $80,000 respectively.
We would like to thank the organizers of the Tianfu Cup for allowing us to participate in the
upcoming event.
Stay tuned! This post will be updated with more information as it becomes available.
If you would like to be kept informed on VMware Security Advisories (VMSAs) please sign up
here for new and updated information.
