VMware has released updates to fix multiple security flaws in its Workstation and Fusion software. The most severe of the vulnerabilities is a stack-based buffer-overflow vulnerability that could allow local attackers to execute code as the virtual machine's VMX process running on the host. Other vulnerabilities that were fixed include an out-of-bounds read vulnerability that could enable a local adversary with admin privileges to read sensitive information contained in hypervisor memory from a virtual machine, a local privilege escalation flaw, and an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. VMware is recommending that users turn off Bluetooth support on the virtual machine as a temporary workaround for the first two vulnerabilities. The flaws have been addressed in Workstation version 17.0.2 and Fusion version 13.0.2.