Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

VMware Patches Code Execution Flaw in Virtual Graphics Card

VMware has patched a critical arbitrary code execution vulnerability in the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products.

VMware has patched a critical arbitrary code execution vulnerability in the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products.

According to an advisory published by the company on Tuesday, ESXi, Fusion and Workstation are affected by an out-of-bounds read vulnerability in the SVGA device. The flaw, tracked as CVE-2018-6974, can be exploited by a malicious guest to execute arbitrary code on the host.

The vulnerability was reported to VMware by an anonymous researcher through Trend Micro’s Zero Day Initiative (ZDI).

ZDI’s own advisory describes the security hole as a heap-based buffer overflow that allows a local attacker with low privileges on the system to escalate permissions and execute arbitrary code. ZDI revealed that the flaw was reported to VMware in mid-June.

“The specific flaw exists within the handling of virtualized SVGA,” ZDI said. “The issue results from the lack of proper validation of user-supplied data, which can result in an overflow of a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.”

The same anonymous researcher likely also reported CVE-2018-6973, an out-of-bounds write vulnerability in the e1000 virtual network adapter used by Workstation and Fusion. This flaw also allows arbitrary code execution on the host and it was reported to VMware through ZDI on the same day as CVE-2018-6974. However, VMware resolved this vulnerability with patches released in mid-August.

Advertisement. Scroll to continue reading.

Exploiting this security hole also requires at least low-privileged access to the targeted system.

While VMware has classified both vulnerabilities as “critical,” ZDI has assigned them a CVSS score of 6.9, which makes them “medium” severity.

Earlier this month, VMware also patched an “important” denial-of-service (DoS) bug discovered by Cisco Talos researchers in Workstation, ESXi and Fusion, and a serious SAML authentication bypass vulnerability in the Workspace ONE Unified Endpoint Management Console.

Related: VMware Patches Critical SVGA Code Execution Flaw

Related: VMware Patches Code Execution Flaw in AirWatch Agent

Related: Vulnerabilities Patched in VMware ESXi, Workstation, Fusion

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Jazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.

AJ Shipley has been appointed Chief Product Officer at CrowdStrike.

Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.