Vulnerabilities > CVE-2018-6977 - Infinite Loop vulnerability in VMWare Esxi, Fusion and Workstation
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2018-0589 |
last seen | 2019-05-29 |
published | 2018-10-09 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0589 |
title | VMware Workstation 14 Shader Functionality Assert Denial Of Service |
References
- http://www.securityfocus.com/bid/105549
- http://www.securityfocus.com/bid/105549
- http://www.securitytracker.com/id/1041821
- http://www.securitytracker.com/id/1041821
- http://www.securitytracker.com/id/1041822
- http://www.securitytracker.com/id/1041822
- https://www.vmware.com/security/advisories/VMSA-2018-0025.html
- https://www.vmware.com/security/advisories/VMSA-2018-0025.html