EXECUTIVE SUMMARY:
A critical vulnerability chain has been discovered in VMware Workstation that allows attackers to escape a guest VM and execute arbitrary code on the host system. The flaw leverages issues in the virtual Bluetooth device, affecting versions 17.0.1 and earlier.
CVE-2023-20870,CVE-2023-34044: These flaws(CVSS 6.0 and CVSS 7.1) allow attackers to read sensitive memory from the host system. By leaking memory layout information, they can bypass security protections like ASLR, facilitating further exploitation.
CVE-2023-20869: A flaw(CVSS 8.2) in the virtual Bluetooth device allows attackers to overwrite the stack, corrupt execution flow, and execute arbitrary code. When combined with the information leak, this enables full host compromise from a guest VM.
RECOMMENDATION:
We strongly recommend updating VMware Workstation to version 17.0.2 and 17.5.0 .
REFERENCES:
The following reports contain further technical details: