Vulnerabilities > CVE-2018-6977 - Infinite Loop vulnerability in VMWare Esxi, Fusion and Workstation

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
vmware
CWE-835
NVD
Published: 2018-10-09
Updated: 2019-10-03

Summary

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

Vulnerable Configurations

Part Description Count
OS
Vmware
3
Application
Vmware
21

Common Weakness Enumeration (CWE)

Talos

idTALOS-2018-0589
last seen2019-05-29
published2018-10-09
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0589
titleVMware Workstation 14 Shader Functionality Assert Denial Of Service

References