Vulnerability Spotlight: VMWare Workstation DoS Vulnerability

Today, Cisco Talos is disclosing a vulnerability in VMware Workstation that could result in denial of service. VMware Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently.

TALOS-2018-0589

Discovered by Piotr Bania of Cisco Talos

TALOS-2018-0589 / CVE-2018-6977 is an exploitable denial-of-service (DoS) vulnerability in the VMware Workstation 14 software. The vulnerability lies in the pixel shader utilized by VMware Workstation and can be triggered by supplying a malformed pixel shader in either text or binary form inside a VMware guest operating system. This vulnerability can be triggered from VMware guest or VMware hosts and results in a process crashing leading to a DoS state. Additionally, it is possible to trigger the vulnerability through WEBGL, assuming the browser will not use ANGLE and will supply the malformed shader as intended.

For more technical details, please read our advisory here.

Tested Software:

VMware Workstation 14 (14.1.1.28517)

Coverage

Talos has developed the following Snort rules to detect attempts to exploit this vulnerability. Note that these rules are subject to change pending additional vulnerability information. For the most current information, please visit your Firepower Management Center or Snort.org.

Snort Rules: 46541 - 46542

For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: http://www.talosintelligence.com/vulnerability-reports/

To review our Vulnerability Disclosure Policy, please visit this site:

http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html