VMware urges emergency action to blunt hypervisor flaws

VMware disclosed four critical hypervisor vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) affecting Workstation, Fusion and ESXi that can lead to guest-to-host code execution or VMX process out-of-bounds writes; virtual USB controllers are the primary vector and VMware recommends removing USB controllers as a workaround while patches are issued.