Vulnerabilities > CVE-2018-6974 - Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

vmware

CWE-125

nessus

NVD

Published: 2018-10-16

Updated: 2022-06-02

Summary

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation 14.0 Vmware Workstation 14.0.0 Vmware Workstation 14.1 Vmware Workstation 14.1.0 Vmware Workstation 14.1.1 Vmware Workstation 14.1.2 Vmware Fusion 10.0 Vmware Fusion 10.0.0 Vmware Fusion 10.0.1 Vmware Fusion 10.1.0 Vmware Fusion 10.1.1 Vmware Fusion 10.1.2	13
OS	Apple Apple MAC OS X -	1
OS	Vmware Vmware Esxi 6.0 Vmware Esxi 6.5 Vmware Esxi 6.7	123

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

NASL family	General
NASL id	VMWARE_WORKSTATION_LINUX_VMSA_2018_0026.NASL
description	The version of VMware Workstation installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	118464
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118464
title	VMware Workstation 14.x < 14.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Linux)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_VMSA_2018_0026.NASL
description	The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	118465
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118465
title	VMware Fusion 10.x < 10.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (macOS)

NASL family	Misc.
NASL id	VMWARE_ESXI_VMSA-2018-0026.NASL
description	The remote VMware ESXi host is version 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	118466
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118466
title	ESXi 6.0 / 6.5 / 6.7 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Remote Check)

NASL family	Windows
NASL id	VMWARE_WORKSTATION_WIN_VMSA_2018_0026.NASL
description	The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	118467
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118467
title	VMware Workstation 14.x < 14.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2018-0026.NASL
description	Out-of-bounds read vulnerability in SVGA Device VMware ESXi, Fusion and Workstation contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware would like to thank Anonymous working with Trend Micro
last seen	2020-06-01
modified	2020-06-02
plugin id	118360
published	2018-10-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118360
title	VMSA-2018-0026 : VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References