KLA11173 OSI vulnerability in VMware Products

Detect date:

01/09/2018

Severity:

Critical

Description:

A bounds check bypass and branch target injection vulnerability was found in VMware ESXi, VMWare Workstation and VMware Fusion. By exploiting this vulnerability malicious users can obtain sensitive information.

Affected products:

VMware Workstation 12.x earlier than 12.5.8
VMware Workstation 14.x earlier than 14.1.1
VMware Fusion earlier than 8.5.10
ESXi 6.5 earlier than ESXi550-201801401-BG
ESXi 6.0 earlier than ESXi600-201711402-SG
ESXi 5.5 earlier than ESXi550-201801402-BG

Solution:

Update to latest version
Download VMware Fusion
Download VMware Workstation Pro

Original advisories:

VMSA-2018-0004
VMSA-2018-0002

Impacts:

OSI

Related products:

VMware Workstation

CVE-IDS:

CVE-2017-57155.6High
CVE-2017-57535.6High

Exploitation:

Public exploits exist for this vulnerability.