#VU15230 Infinite loop


Published: 2018-10-09

Vulnerability identifier: #VU15230

Vulnerability risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-6977

CWE-ID: CWE-835

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software
VMware ESXi
Operating systems & Components / Operating system

Vendor: VMware, Inc

Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop in a 3D-rendering shader when 3D-acceleration feature is enabled. A remote attacker with normal user privileges in the guest can make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

Mitigation

The workaround for this issue requires disabling the 3D-acceleration feature. The issue can only be exploited if 3D-acceleration feature is enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. The 3D-acceleration settings can be reviewed as follows.

  ESXi

 With Host Client or vCenter, go to the individual VM > configure >  hardware > video card >

 3D Graphics --> Check if "3D Graphics" is enabled.
    OR  

 Go to individual VMX file and then check for "mks.enable3d", if the VMs have the option  

 "mks.enable3d=TRUE", then 3D-acceleration  feature is enabled
  

Workstation
   - Select virtual machine and select VM > Settings.
   - On the Hardware tab, select Display
    If the "Accelerate 3D graphics" is checked then 3D-acceleration feature is enabled.
   
 Fusion
   -From the VMware Fusion menu bar, select Window > Virtual Machine Library.
   -Select a virtual machine and click Settings.
   -In the Settings Window > select Display.
    If the "Accelerate 3D graphics" is checked then 3D-acceleration feature is enabled.

Vulnerable software versions

VMware Workstation: All versions

VMware ESXi: All versions

VMware Fusion: All versions

External links
http://www.vmware.com/security/advisories/VMSA-2018-0025.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in VMware ESXi, Workstation, and Fusion