VMware ESXi XHCI USB Controller Heap Overflow Vulnerability
Summary
A heap overflow vulnerability in the XHCI USB controller in VMware ESXi allows a virtual machine to execute code on the hypervisor.
Description
VMware ESXi contains a heap overflow vulnerability in the XHCI USB controller that allows a guest virtual machine to execute code on the ESXi host. An attacker with local administrative privileges on a virtual machine can exploit it to escape from the virtual machine to the hypervisor.
The vulnerability exists in the way the XHCI USB controller handles certain USB requests from guest virtual machines. A specially crafted series of USB requests can trigger a heap overflow condition, potentially allowing arbitrary code execution on the ESXi host with root privileges.
This vulnerability is particularly severe as it allows for virtual machine escape, which breaks the fundamental security boundary between virtual machines and the hypervisor.
Affected Products
- ESXi 8.0 before ESXi80U1d-21495797
- ESXi 7.0 before ESXi70U3q-21717920
- ESXi 6.7 before ESXi670-202308401-SG
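To triage a fleet against the list above, the following added example (not part of the original advisory or any VMware tooling) classifies the version line printed by `vmware -v` on each host. It assumes build numbers only increase within a release line; the hostnames and sample builds are constructed, and the 6.7 entry is reported for manual bulletin comparison because the page gives no build number for it.

```python
import re

# Fixed releases exactly as listed under "Affected Products" on this page.
# The 8.0 and 7.0 names end in a build number; the 6.7 entry is a bulletin ID.
FIXED = {
    "8.0": "ESXi80U1d-21495797",
    "7.0": "ESXi70U3q-21717920",
    "6.7": "ESXi670-202308401-SG",
}

VERSION_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)(?:\.\d+)* build-(\d+)")


def fixed_build(release_name):
    """Return the trailing build number of a release name, or None."""
    tail = release_name.rsplit("-", 1)[-1]
    return int(tail) if tail.isdigit() else None


def assess(version_line):
    """Classify one line of `vmware -v` output against the page's list.
    Assumption: builds only increase within a release line, so a build
    lower than the fixed one means the fix is missing.
    """
    m = VERSION_RE.search(version_line)
    if not m:
        return ("unparsed", None)
    release = f"{m.group(1)}.{m.group(2)}"
    build = int(m.group(3))
    if release not in FIXED:
        return ("not-listed", None)
    target = fixed_build(FIXED[release])
    if target is None:
        # No build number on the page: compare installed bulletins by hand.
        return ("verify-bulletin", FIXED[release])
    return ("affected" if build < target else "fixed", FIXED[release])


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "esx-a.example": "VMware ESXi 8.0.1 build-21495797",
    "esx-b.example": "VMware ESXi 7.0.3 build-21000000",
    "esx-c.example": "VMware ESXi 6.7.0 build-19000000",
}

if __name__ == "__main__":
    for host, line in SAMPLE.items():
        status, ref = assess(line)
        print(f"{host}: {status} (fixed release: {ref})")
```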
CVSS Score
About the Author
Michael Chen
Security Researcher
Michael specializes in hypervisor security and has discovered multiple vulnerabilities in virtualization platforms.