Vulnerability identifier: #VU15230
Vulnerability risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
VMware Workstation
Client/Desktop applications /
Virtualization software
VMware Fusion
Client/Desktop applications /
Virtualization software
VMware ESXi
Operating systems & Components /
Operating system
Vendor: VMware, Inc
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to an infinite loop in a 3D-rendering shader when 3D-acceleration feature is enabled. A remote attacker with normal user privileges in the guest can make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
Mitigation
The workaround for this issue requires disabling the 3D-acceleration feature. The issue can only be exploited if 3D-acceleration feature is enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. The 3D-acceleration settings can be reviewed as follows.
ESXi
With Host Client or vCenter, go to the individual VM > configure > hardware > video card >
3D Graphics --> Check if "3D Graphics" is enabled.
OR
Go to individual VMX file and then check for "mks.enable3d", if the VMs have the option
"mks.enable3d=TRUE", then 3D-acceleration feature is enabled
Workstation
- Select virtual machine and select VM > Settings.
- On the Hardware tab, select Display
If the "Accelerate 3D graphics" is checked then 3D-acceleration feature is enabled.
Fusion
-From the VMware Fusion menu bar, select Window > Virtual Machine Library.
-Select a virtual machine and click Settings.
-In the Settings Window > select Display.
If the "Accelerate 3D graphics" is checked then 3D-acceleration feature is enabled.
Vulnerable software versions
VMware Workstation: All versions
VMware ESXi: All versions
VMware Fusion: All versions
External links
http://www.vmware.com/security/advisories/VMSA-2018-0025.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.