SB2018100914 - Denial of service in VMware ESXi, Workstation, and Fusion
Published: October 9, 2018
Description
This security bulletin contains information about 1 vulnerability.
1) Infinite loop (CVE-ID: CVE-2018-6977)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to an infinite loop in a 3D-rendering shader when the 3D-acceleration feature is enabled. A remote attacker with normal user privileges in the guest can make the VM unresponsive and, in some cases, possibly cause other VMs on the host or the host itself to become unresponsive.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
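Since the weakness described above is reachable only when 3D acceleration is enabled, an inventory of which VMs have the feature turned on shows where the exposure lies. The script below is an added example, not part of this bulletin or of any vendor tooling; it assumes the setting is stored in each VM's `.vmx` file under the key `mks.enable3d` (a name from VMware's configuration format, not from this page), and the sample configs in it are constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: 3D acceleration is controlled by the VMX key mks.enable3d.
# The key name comes from VMware's config format, not from the bulletin.
KEY = "mks.enable3d"
# key = "value" lines; lines starting with '#' are comments and never match.
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?(.*?)"?\s*$')


def accel3d_state(vmx_text):
    """Return 'enabled', 'disabled' or 'unset' for one .vmx file's text."""
    values = []
    for raw in vmx_text.splitlines():
        m = LINE.match(raw)
        # Keys are compared case-insensitively (mks.enable3D also matches).
        if m and m.group(1).lower() == KEY:
            values.append(m.group(2).strip().lower() == "true")
    if not values:
        return "unset"  # key absent: the product's default applies
    # Conservative for an exposure audit: any TRUE occurrence counts.
    return "enabled" if any(values) else "disabled"


def audit(root):
    """Map every .vmx path under root to its 3D-acceleration state."""
    return {
        str(p): accel3d_state(p.read_text(errors="replace"))
        for p in sorted(Path(root).rglob("*.vmx"))
    }


# Constructed sample configs, not taken from a real host.
SAMPLE_ON = '.encoding = "UTF-8"\ndisplayName = "build-01"\nmks.enable3d = "TRUE"\n'
SAMPLE_OFF = 'displayName = "db-01"\n# mks.enable3d = "TRUE"\nmks.enable3D = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "web-01"\nmemsize = "2048"\n'

if __name__ == "__main__":
    # Usage: python audit3d.py /path/to/vm/directory
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, state in audit(root).items():
        print(f"{state:8} {path}")
```

VMs reported as `unset` need a manual check, because the effective value then depends on the product's default.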