Plain Virtualization

Two security advisories was sent out on Tuesday 15th Feb. One affecting mainly virtualization platform such as ESXi, Workstation, Fusion and Cloud Foundation. While the other impacts NSX-V and Cloud Foundation that contain NSX-V. Both advisories contains vulnerabilities that has a CVSSv3 score of  more than 8. Except for one that is in the first advisory at time of writing. Check back to the advisories for the updated fix once available. The good news is all fixes are now available except pending for Cloud Foundation for CVE-2022-22945. Below is the security advisories which contain the respective CVE. VMSA-2022-0004 Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) - 8.4 Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041) - 8.4 ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) - 8.2 ESXi settingsd TOCTOU vulnerability (CVE-2021-22043) - 8.2 ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050) - 5.3 VMSA-2022-0005 VMware

The first round of application for vExpert 2022 has been announced . Congrats to all existing vExpert 2022.  For those who were vExpert 2021, you will notice, there is an one off extension to be granted vExpert 2022. I believe this is due to the COVID situation where contribution has been reduced. Do keep your community contribution going this year so as to renew for next year. To find out the list of vExpert, check out the vExpert directory .