VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x prior to 14.1.3) and Fusion (10.x prior to 10.1.3) contain an out-of-bounds read vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.

Vulnerable Product |
---|
vmware workstation |
vmware fusion |
vmware esxi 6.0 |
vmware esxi 6.5 |
vmware esxi 6.7 |

Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security
Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine. The bug, disclosed here, is designated CVE-2018-6974. The out-of-bounds read is present in the products' SVGA video device emulation, and if exploited, allows software within a guest operating system to execute code on the host machine. In other words,...