CVE-2024-22268

ENISA EUVD: EUVD-2024-19832 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 2 articles Published: 2024-05-14
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.09%
probability
This CVE has a 0.09% probability of being exploited in the next 30 days.
0% Top 25.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.1
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Description

VulnerabilityLookup (CNA)
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

Affected Products

N/A
VMware Workstation
17.x
N/A
VMware Fusion
13.x

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 0.09%
CVSS v3.1 7.1
Mentions 2
Last Seen May 14, 2024

CNA Information

CNA Assigner
vmware

Analyst Note

CVE-2024-22268 is explicitly listed as one of three zero-day bugs exploited at Pwn2Own 2024, with patch released May 14, 2024. The timing and explicit naming in the Pwn2Own context (a live exploitation competition) confirms this was exploited before or coincident with patch availability, meeting zero-day criteria.

Triage Info

Decided atMar 05, 2026
Published DateMay 14, 2024