VMware informed customers last week that it patched several vulnerabilities that can lead to a denial-of-service (DoS) condition or information disclosure in its ESXi, Workstation, and Fusion products.
VMware described the flaws as out-of-bounds read issues in the shader translator component. An attacker with regular user privileges can exploit the security holes to obtain information or crash virtual machines.
The vulnerabilities, classified as “important,” are tracked as CVE-2018-6965, CVE-2018-6966 and CVE-2018-6967. A Tencent ZhanluLab researcher who uses the online moniker “RanchoIce” has been credited for reporting the flaws to VMware. A researcher from Cisco Talos independently discovered CVE-2018-6965.
According to VMware, the flaws impact ESXi 6.7 and Workstation 14.x running on any platform, and Fusion 10.x running on OS X. Patches and updates have been released for each of the affected products.
Cisco Talos has published an advisory containing technical details for CVE-2018-6965. The company has assigned a CVSS score of 6.5 to this vulnerability, which puts it near the “high severity” range.
“A specially crafted pixel shader can cause a read access violation resulting in, at least, denial of service. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from VMware guest and VMware host, which will be affected (leading to vmware-vmx.exe process crash on host),” Talos wrote in its advisory.
“In short, it is possible to create a shader in such a way that it will cause invalid pointer calculation. The pointer is later used for read memory operations. This causes access violation due to the pointer being invalid, which results in a denial of service, but could potentially be turned into an information disclosure vulnerability,” Talos added.
Related: VMware Patches Code Execution Flaw in AirWatch Agent
Related: VMware Patches Fusion, Workstation Vulnerabilities
Related: VMware Patches DoS Vulnerability in Workstation, Fusion
