#VU15230 Infinite loop in VMware, Inc products - CVE-2018-6977
Published: October 9, 2018
VMware Workstation
VMware Fusion
VMware ESXi
VMware, Inc
Description
The weakness exists due to an infinite loop in a 3D-rendering shader when the 3D-acceleration feature is enabled. A remote attacker with normal user privileges in the guest can make the VM unresponsive and, in some cases, possibly cause other VMs on the host or the host itself to become unresponsive.
Remediation
The workaround for this issue is to disable the 3D-acceleration feature. The issue can only be exploited if the 3D-acceleration feature is enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. The 3D-acceleration settings can be reviewed as follows.
ESXi
With Host Client or vCenter, go to the individual VM > configure > hardware > video card > 3D Graphics and check whether "3D Graphics" is enabled.
OR
Open the individual VM's VMX file and check for "mks.enable3d". If the VM has the option "mks.enable3d=TRUE", then the 3D-acceleration feature is enabled.
Workstation
- Select the virtual machine and select VM > Settings.
- On the Hardware tab, select Display.
If "Accelerate 3D graphics" is checked, then the 3D-acceleration feature is enabled.
Fusion
- From the VMware Fusion menu bar, select Window > Virtual Machine Library.
- Select a virtual machine and click Settings.
- In the Settings window, select Display.
If "Accelerate 3D graphics" is checked, then the 3D-acceleration feature is enabled.
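The VMX check described under ESXi can be run across many VMs at once. The following is an added example, not part of the original advisory or any VMware tooling: it reads every .vmx file under a directory passed as an argument and reports the state of "mks.enable3d". It assumes the key and its value are matched case-insensitively, and it reports a missing key as "unset" rather than guessing either state.

```python
import re
import sys
from pathlib import Path

# VMX lines look like: key = "value" (quotes optional, as in mks.enable3d=TRUE).
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text):
    """Return a dict of lower-cased keys to values; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # commented-out setting, ignore
            continue
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def enable3d_state(text):
    """Return 'enabled', 'disabled' or 'unset' for mks.enable3d in one VMX file."""
    value = parse_vmx(text).get("mks.enable3d")
    if value is None:
        return "unset"  # key absent: confirm in the UI as described above
    # Assumption: value compared case-insensitively; anything but TRUE is off.
    return "enabled" if value.upper() == "TRUE" else "disabled"


def audit(root):
    """Map each .vmx file found under root to its mks.enable3d state."""
    return {str(p): enable3d_state(p.read_text(errors="replace"))
            for p in sorted(Path(root).rglob("*.vmx"))}


# Constructed sample VMX content, not taken from a real VM.
SAMPLE_ON = '.encoding = "UTF-8"\ndisplayName = "build-01"\nmks.enable3d = "TRUE"\n'
SAMPLE_OFF = 'displayName = "db-02"\nmks.enable3D = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "web-03"\n# mks.enable3d = "TRUE"\n'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, state in audit(sys.argv[1]).items():
            print(f"{state:9} {path}")
    else:
        for text in (SAMPLE_ON, SAMPLE_OFF, SAMPLE_UNSET):
            print(enable3d_state(text))
```

VMs reported as "enabled" are the ones the workaround applies to.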