Kaspersky LabKLA11329KLA11329 DoS vulnerability in VMware products
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
25.1%
Infinite loop vulnerability was found in VMware Workstation and VMware Fusion. Malicious users can exploit this vulnerability to cause denial of service.
Technical details
This vulnerability can be exploited if 3D-acceleration feature is enabled. Itβs enabled by default on Workstation and Fusion. Itβs needed to disable 3D-acceleration feature to mitigate this vulnerability.
Original advisories
Related products
CVE list
CVE-2018-6977 warning
Solution
Disable 3D-acceleration feature
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- VMware WorkstationVMware Fusion
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
25.1%