Primary

Context

AMD Ionic Cloud Driver Privilege Escalation Vulnerability in VMware ESXi

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Ionic cloud driver for VMware ESXi, specifically in hosts running ESXi 8.x with AMD-Pensando DPU products. This vulnerability could allow an attacker to escalate privileges, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation and arbitrary code execution on the affected system.

Remediation

Users are advised to update to ESXi 8.0U3i, which is included in VCF 5.2.3.0 or the 9.0.2 release. Both of these versions address the vulnerability.

Added: May 13, 2026, 5:01 PM

Updated: May 13, 2026, 5:01 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMD Ionic Cloud Driver Privilege Escalation Vulnerability in VMware ESXi

Vulnerability

Impact

Remediation

Affected Products

AMD Ionic

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating