CVE-2021-22045

7.8 HIGH

📋 TL;DR

This CVE describes a heap-overflow vulnerability in VMware's CD-ROM device emulation that could allow a malicious actor with access to a virtual machine to execute code on the hypervisor. It affects VMware ESXi, Workstation, and Fusion. Exploitation requires access to a VM with CD-ROM emulation enabled and typically needs to be combined with other vulnerabilities for full code execution.

💻 Affected Systems

Products:
  • VMware ESXi
  • VMware Workstation
  • VMware Fusion
Versions: ESXi 7.0, ESXi 6.7 before ESXi670-202111101-SG, ESXi 6.5 before ESXi650-202110101-SG, Workstation 16.2.0, Fusion 12.2.0
Operating Systems: All supported guest OS with CD-ROM emulation
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CD-ROM device emulation to be enabled on the virtual machine. The vulnerability is in the hypervisor's CD-ROM emulation code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full hypervisor compromise, allowing an attacker to escape the virtual machine and gain control of the host system, potentially accessing all VMs and host resources.

🟠 Likely Case: Limited impact requiring additional vulnerabilities for full exploitation; most likely used in targeted attacks against specific VMware environments.

🟢 If Mitigated: Minimal impact if CD-ROM emulation is disabled or proper network segmentation and access controls are implemented.

🌐 Internet-Facing: LOW - Exploitation requires access to a virtual machine; the affected component is not an internet-facing service.
🏢 Internal Only: MEDIUM - Internal attackers with VM access could potentially exploit this, especially in multi-tenant environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to a virtual machine and typically needs to be chained with other vulnerabilities for full impact. Public proof-of-concept exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ESXi670-202111101-SG, ESXi650-202110101-SG, Workstation 16.2.1, Fusion 12.2.1

Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2022-0001.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the VMware portal.
2. Apply the patch using vSphere Update Manager or the CLI.
3. Restart the ESXi host or the VMware application.
4. Verify the patch installation.

🔧 Temporary Workarounds

Disable CD-ROM Emulation

Applies to: all affected products

Remove or disable the CD-ROM device on virtual machines that don't require it.

vSphere Client: Edit VM Settings > Remove CD/DVD Drive
PowerCLI: Get-VM | Get-CDDrive | Remove-CDDrive
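The PowerCLI one-liner above strips the drive from every VM unconditionally. As an added example (not from this page or from VMware), the following PowerCLI script first reports each VM's CD/DVD drive and what backs it, then removes only the drives on VMs that are not on an operator-maintained keep list; the names in $KeepCdrom are constructed placeholders, and an existing Connect-VIServer session is assumed.

```powershell
# Added example, not VMware's code: report CD/DVD drives per VM, then optionally
# remove the ones on VMs that are not on a keep list. Assumes Connect-VIServer
# has already been run in this session. Keep-list names below are constructed.
param(
    [string[]]$KeepCdrom = @('iso-build-01', 'template-win2019'),  # constructed placeholders
    [switch]$Remove                                                 # dry run unless set
)

# Build one row per VM/drive pair so the change can be reviewed before it is made.
$report = foreach ($vm in Get-VM) {
    foreach ($cd in Get-CDDrive -VM $vm) {
        $backing = if ($cd.IsoPath) { "ISO: $($cd.IsoPath)" }
                   elseif ($cd.HostDevice) { "Host: $($cd.HostDevice)" }
                   elseif ($cd.RemoteDevice) { "Remote: $($cd.RemoteDevice)" }
                   else { 'Client device / no media' }
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            Drive      = $cd.Name
            Connected  = $cd.ConnectionState.Connected   # media currently attached to the guest
            Backing    = $backing
            Keep       = $KeepCdrom -contains $vm.Name
        }
    }
}

$report | Sort-Object VM | Format-Table -AutoSize

if (-not $Remove) {
    $pending = @($report | Where-Object { -not $_.Keep }).Count
    Write-Host "Dry run: $pending drive(s) would be removed. Re-run with -Remove to apply."
    return
}

foreach ($row in $report | Where-Object { -not $_.Keep }) {
    $cd = Get-CDDrive -VM $row.VM | Where-Object { $_.Name -eq $row.Drive }
    # Detach any media first, then remove the device itself from the VM configuration.
    Set-CDDrive -CD $cd -NoMedia -Confirm:$false | Out-Null
    Remove-CDDrive -CD $cd -Confirm:$false
    Write-Host "Removed $($row.Drive) from $($row.VM)"
}
```

Run it once without -Remove to review the report, then with -Remove to apply the change to the VMs not on the keep list.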

🧯 If You Can't Patch

  • Disable CD-ROM device emulation on all virtual machines
  • Implement strict network segmentation and limit VM-to-VM communication

🔍 How to Verify

Check if Vulnerable:

Check the ESXi version with `esxcli system version get`. For Workstation/Fusion, check Help > About.

Check Version:

esxcli system version get

Verify Fix Applied:

Verify the patch is installed. The bulletin IDs ESXi670-202111101-SG (6.7) and ESXi650-202110101-SG (6.5) are not VIB names, so they do not appear in the VIB list; compare the esx-base VIB version and build against the build delivered by the relevant bulletin, as listed in the vendor advisory:

esxcli software vib list | grep esx-base

📡 Detection & Monitoring

Log Indicators:

  • Unusual CD-ROM access patterns
  • Hypervisor crash logs
  • VM escape attempt indicators

Network Indicators:

  • Unusual VM-to-hypervisor communication
  • Suspicious CD-ROM emulation traffic

SIEM Query:

source="vmware" AND ("CD-ROM" OR "cdrom") AND ("overflow" OR "crash" OR "exception")
