Vulnerability CVE-2018-6977


Published: 2018-10-09

Description:
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive and, in some cases, possibly result in other VMs on the host or the host itself becoming unresponsive.

Type:
CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop'))

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software
VMware -> ESXi
VMware -> Fusion
VMware -> Workstation

References:
http://www.securityfocus.com/bid/105549
http://www.securitytracker.com/id/1041821
http://www.securitytracker.com/id/1041822
https://www.vmware.com/security/advisories/VMSA-2018-0025.html

Copyright 2020, cxsecurity.com

 
