a. Out-of-bounds write vulnerability in SVGA
VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.
VMware would like to thank Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG (haftungsbeschraenkt) working with ZDI for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4924 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE Name | Operator | Version |
---|---|---|
esxi | lt | ESXi650-201707101-SG |
workstation | lt | 12.5.7 |
fusion | lt | 8.5.8 |
esxi | lt | ESXi600-201706101-SG |
esxi | lt | ESXi550-201709101-SG |
workstation | lt | 12.5.3 |
fusion | lt | 8.5.4 |
vcenter server | lt | 6.5 U1 |