For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Exploitation is only possible if virtual printing is enabled in the Guest VM. Virtual printing is not enabled by default on Workstation and Fusion. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
Update VMware Workstation Pro and Player to version 15.5.2:
VMware Workstation Pro 15.5.2
VMware Workstation Player 15.5.2
Update VMwareFusion to version 11.5.2:
Update VMware Horizon Client for Windows to version 5.3.0:
VMware Horizon Client for Windows 5.3.0
Update VMware Remote Console for Windows to 11.0.0:
VMware Remote Console for Windows 11.0.0