Lucene search

[email protected]CVE-2017-4904

HistoryJun 07, 2017 - 6:29 p.m.

CVE-2017-4904

2017-06-0718:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-4904

vmware

esxi

xhci

uninitialized memory

dos

nvd

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.4%

JSON

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

CPENameOperatorVersion
vmware:fusionvmware fusionlt8.5.6
vmware:fusion_provmware fusion prolt8.5.6
vmware:esxivmware esxieq6.0
vmware:esxivmware esxieq6.5
vmware:esxivmware esxieq5.5
vmware:workstation_playervmware workstation playerlt12.5.5
vmware:workstation_provmware workstation prolt12.5.5

CPE	Name	Operator	Version
vmware:fusion	vmware fusion	lt	8.5.6
vmware:fusion_pro	vmware fusion pro	lt	8.5.6
vmware:esxi	vmware esxi	eq	6.0
vmware:esxi	vmware esxi	eq	6.5
vmware:esxi	vmware esxi	eq	5.5
vmware:workstation_player	vmware workstation player	lt	12.5.5
vmware:workstation_pro	vmware workstation pro	lt	12.5.5