VMware Security Response Center

VMware by Broadcom and Pwn2Own Vancouver 2024

Update May 14, 2024

Today, VMware has released the following new security advisory:

VMSA-2024-0010 – VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270)

The advisory documents the remediation of the Critical and Important severity vulnerabilities demonstrated at the Pwn2Own 2024 hacking contest. Customers should review the security advisory and direct any questions to VMware Support.

Update March 21, 2024

Pwn2Own 2024 has wrapped up its second day, with a large number of targets and attempts. On the first day (March 20th, 2024), Theori demonstrated an issue on VMware Workstation. Later that day, STAR Labs SG was not successful in demonstrating their exploit for ESXi.

On Day 2, the STAR Labs SG team managed to demonstrate an issue on VMware Workstation. After a lengthy review, it was determined to be partially known. We have received the details from both Workstation demonstrations and are currently investigating the issues. We are actively working on their remediation and plan to publish a VMware Security Advisory with information on updates for affected products.

We would like to thank Zero Day Initiative (ZDI) for allowing us to participate. In addition, we would like to thank Theori and STAR Labs SG for working with us to address the reported issues.

Original Post

Greetings from the VMware Security Response Center!

We are happy to announce that VMware by Broadcom will be a part of Pwn2Own 2024, hosted on March 20th-22nd in Vancouver, Canada.

Similar to last year, VMware ESXi (a Type 1 hypervisor) and VMware Workstation (a Type 2 hypervisor) are the targets in the virtualization category, with prize money of $180,000 and $80,000 respectively. We would like to thank the organizers of Pwn2Own for allowing us to participate in the upcoming event.

We will have the opportunity to attend in person to validate any demonstrations of a VM escape. If you are planning to attend Pwn2Own, then come and say hello to us. We will be happy to connect with you.

Stay tuned! This post will be updated with more information as it becomes available.

If you want to be informed about VMware Security Advisories (VMSAs), please sign up here for new and updated information.