ID CVE-2017-4924
Summary VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.
Vulnerable Configurations
  • cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-02-2022 - 19:44)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 100843
confirm https://www.vmware.com/security/advisories/VMSA-2017-0015.html
misc https://0patch.blogspot.com/2017/10/micropatching-hypervisor-with-running.html
sectrack
  • 1039365
  • 1039366
Last major update 03-02-2022 - 19:44
Published 15-09-2017 - 13:29
Last modified 03-02-2022 - 19:44