How to remove USB controllers from a Virtual Machine
search cancel

How to remove USB controllers from a Virtual Machine

book

Article ID: 316384

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

VMware has investigated the following USB controller vulnerabilities and determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article. 

VMSA-2024-0006 (CVE-2024-22252, CVE-2024-22253, CVE-2024-22255)

Resolution

Please refer to VMSA-2024-0006 for the resolution.

Workaround:

The below workaround is meant to be a temporary solution until updates documented in the VMSA can be deployed.

The workaround is to remove all USB controllers from the Virtual Machine. As a result, USB passthrough functionality will be unavailable.

In addition, virtual/emulated USB devices, such as VMware virtual USB stick or dongle, will not be available for use by the virtual machine. In contrast, the default keyboard/mouse as input devices are not affected as they are, by default, not connected through USB protocol but have a driver that does software device emulation in the guest OS.

IMPORTANT:
Certain guest operating systems, including Mac OS, do not support using a PS/2 mouse and keyboard. These guest operating systems will be left without a mouse and keyboard without a USB controller.

The procedure for removing the virtual USB controllers for the affected products is as follows:

VMware ESXi:
Steps to remove a USB controller from a VMware ESXi virtual machine (87617)

VMware Fusion:
Remove the USB Controller

VMware Workstation Player:
Removing Hardware from a Virtual Machine

VMware Workstation Pro:
Removing Hardware from a Virtual Machine
 


Additional Information

Regarding CVE-2024-22254 as part of VMSA-2024-0006, this CVE has no workaround.

Powered by Wolken Software