VMware has investigated CVE-2021-22040 and CVE-2021-22041 and has determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article.
This workaround is meant to be a temporary solution until updates documented in VMSA-2022-0004 can be deployed.
Resolution is documented in VMware ESXi Updates For VMSA-2022-0004.
For details on the VMware ESXi fixes available, please see https://knowledge.broadcom.com/external/article/317663/vmware-esxi-updates-for-vmsa20220004.html
Workaround:
The workaround for both CVE-2021-22040 and CVE-2021-22041 is to remove all USB controllers from the virtual machine. As a result, USB passthrough functionality will be unavailable.
In addition, virtual/emulated USB devices, such as a VMware virtual USB stick or dongle, will not be available for use by the virtual machine. The default keyboard and mouse input devices are not affected: by default they are not connected through the USB protocol but use a driver that performs software device emulation in the guest OS.
IMPORTANT:
Certain guest operating systems, including Mac OS, do not support using a PS/2 mouse and keyboard. Without a USB controller, these guest operating systems will be left without a mouse and keyboard.
The procedure for removing the virtual USB controllers for the affected products is described here:
VMware ESXi:
https://knowledge.broadcom.com/external/article/315467/steps-to-remove-a-usb-controller-from-a.html
VMware Fusion:
https://knowledge.broadcom.com/external/article/332353/remove-the-usb-controller-on-vmware-work.html
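One way to check which virtual machines still need the workaround, as an added example that is not part of the original article or VMware's own tooling: it scans .vmx text for enabled USB controller entries and flags macOS guests covered by the IMPORTANT note above. The key names usb.present, ehci.present and usb_xhci.present and the "darwin" guestOS prefix are assumptions not stated in this article, and the sample .vmx contents are constructed.

```python
import re

# Assumed .vmx keys for the virtual USB controllers; they are not listed on
# this page, so confirm them against the linked removal procedure.
USB_CONTROLLER_KEYS = ("usb.present", "ehci.present", "usb_xhci.present")

_ENTRY = re.compile(r'^([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are lowercased for matching."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out entries
        match = _ENTRY.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_vmx(text):
    """Return the enabled USB controller keys and whether the guest is macOS."""
    settings = parse_vmx(text)
    enabled = [k for k in USB_CONTROLLER_KEYS
               if settings.get(k, "").strip().lower() == "true"]
    # Assumption: macOS guests carry a guestOS value starting with "darwin".
    macos = settings.get("guestos", "").lower().startswith("darwin")
    return {"controllers": enabled, "macos_guest": macos}


# Constructed sample .vmx contents, not taken from a real host.
SAMPLES = {
    "build-agent": 'usb.present = "TRUE"\nehci.present = "TRUE"\n'
                   'usb_xhci.present = "FALSE"\nguestOS = "ubuntu-64"\n',
    "db01": 'displayName = "db01"\n# usb.present = "TRUE"\n',
    "macos-ci": 'guestOS = "darwin19-64"\nUSB_XHCI.present = "true"\n',
}

if __name__ == "__main__":
    for name, text in sorted(SAMPLES.items()):
        result = audit_vmx(text)
        if not result["controllers"]:
            print(f"{name}: no USB controller, workaround in place")
            continue
        note = " (macOS guest: removal leaves no keyboard/mouse)" if result["macos_guest"] else ""
        print(f"{name}: remove {', '.join(result['controllers'])}{note}")
```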