VMSA-2024-0006 USB and Out-of-bounds write vulnerability
VMware has release important patches based on the advisory affecting all the hypervisor including ESXi and desktop hypervisor i.e. Workstation and Fusion which contain vulnerabilities that has a CVSSv3 of 7.1-9.3.
Most of the listed are all USB related. Most of this might nto affect ESXi since most do not use USB controller on them but more towards the desktop hypervisors.
Patches are released fro ESXi 7 and 8 and Workstation 17 and Fusion 13.
And since this is a critical severity, VMware has release patches for out of support ESXi 6.5U3v and 6.7U3u for customers on extended support. This also include VCF 3.x that happens to run such version of ESXi.
I hope everyone should have upgraded as a best practice to at least ESXi 7 to avoid such issue where you are not on support and yet running critical workload.
If you are still on ESXi 6.5U3v and ESXi 6.7U3u, I would assume you have extended support to tie you through. Do note that if you manage to get the patches from other source without extended support entitlement, you are on your own when you face any issues after applying the patches. I encourage anyone to run on supported version or at least have extended support for any reasons you cannot upgrade.
Comments