Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

VMware Patches Critical SVGA Code Execution Flaw

Patches released this week by VMware address several vulnerabilities, including one rated critical, in the company’s ESXi, vCenter Server, Workstation and Fusion products.

Patches released this week by VMware address several vulnerabilities, including one rated critical, in the company’s ESXi, vCenter Server, Workstation and Fusion products.

The flaw considered critical, tracked as CVE-2017-4924, is an out-of-bounds write issue in the SVGA device, an old virtual graphics card implemented by VMware virtualization products. The vulnerability can allow a guest to execute code on the host, VMware said.

Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG reported the security hole to VMware via the Zero Day Initiative (ZDI) on June 22. In its own advisory, ZDI pointed out that an attacker must somehow gain the ability to execute low-privileged code on the guest in order to exploit the flaw.

“The specific flaw exists within the Shader implementation,” ZDI said. “The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.”

While VMware has classified the vulnerability as critical, ZDI has only assigned it a CVSS score of 6.2, which puts it in the medium severity category. ESXi 6.5, Workstation 12.x and Fusion 8.x on OS X are affected.

The second vulnerability patched this week, classified as medium severity and tracked as CVE-2017-4925, was discovered by Zhang Haitao. He noticed that ESXi, Workstation and Fusion have a NULL pointer dereference vulnerability caused due to the handling of guest RPC requests. An attacker with normal user privileges can exploit this flaw to crash the VM.

This weakness affects ESXi 5.5, 6.0 and 6.5, Workstation 12.x and Fusion 8.x on OS X.

The third vulnerability, also rated medium severity, was found by Thomas Ornetzeder and it’s tracked as CVE-2017-4926. Ornetzeder discovered that the vCenter Server H5 Client on version 6.5 contains a stored cross-site scripting (XSS) flaw. An attacker that has VC user privileges can inject malicious JavaScript code that will be executed when other users access that page.

Advertisement. Scroll to continue reading.

Related: VMware Patches ‘Hard-to-Exploit’ DoS Vulnerability

Related: VMware API Allows Limited vSphere Users to Access Guest OS

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights