CVE-2024-22269

ENISA EUVD: EUVD-2024-19833 ↗

✓ Confirmed 0-Day

Triaged: March 5, 2026 2 articles Published: 2024-05-14

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.08%

probability

This CVE has a 0.08% probability of being exploited in the next 30 days.

0% Top 23.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.1

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Affected Products

N/A

VMware Workstation

17.x

N/A

VMware Fusion

13.x

vmware

workstation

vmware

fusion

n/a

VMware Fusion

13.x <13.5.2

n/a

VMware Workstation

17.x <17.5.2

Attack Intelligence

CWE-200 · Information Exposure CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.08%

CVSS v3.1 7.1

Mentions 2

Last Seen May 14, 2024

CNA Information

CNA Assigner

vmware

Analyst Note

CVE-2024-22269 is explicitly named in the BleepingComputer article titled 'VMware fixes three zero-day bugs exploited at Pwn2Own 2024,' confirming exploitation at Pwn2Own 2024 (a live hacking competition in March 2024) before the May 2024 patch date. This meets the zero-day criteria: exploited in the wild before patch availability.

Triage Info

Decided atMar 05, 2026

Published DateMay 14, 2024