CVE-2024-22273: 
NixOS vulnerability analysis and mitigation

The storage controllers on VMware ESXi, Workstation, and Fusion contain an out-of-bounds read/write vulnerability identified as CVE-2024-22273. This vulnerability was discovered by Hao Zheng and Jiaqing Huang from TianGong Team of Legendsec at Qi'anxin Group and was publicly disclosed on May 21, 2024. The affected products include VMware ESXi versions 7.0 and 8.0, VMware Workstation version 17.x, and VMware Fusion version 13.x (VMware Advisory).

The vulnerability has been assigned a CVSSv3 base score ranging from 7.4 to 8.1, categorized as 'Important' severity. For ESXi, the CVSS score is 7.4 with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, while for Workstation and Fusion, the score is 8.1 with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability is classified under CWE-787 (Out-of-bounds Write) and CWE-125 (Out-of-bounds Read) (NVD).

The vulnerability allows malicious actors with access to a virtual machine with storage controllers enabled to create a denial of service condition or potentially execute code on the hypervisor when combined with other vulnerabilities (VMware Advisory).

VMware has released patches to address this vulnerability. For ESXi 8.0, users should update to ESXi80U2sb-23305545, for ESXi 7.0 to ESXi70U3sq-23794019, for Workstation to version 17.5.1, and for Fusion to version 13.5.1. No workarounds are available, making patching the only mitigation option (VMware Advisory).