CVE-2018-6977 - VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial

CVE-2018-6977

Summary

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

References

Vulnerable Configurations

cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:11.0.2:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-835

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	105549
confirm	https://www.vmware.com/security/advisories/VMSA-2018-0025.html
sectrack	1041821 1041822

Last major update

03-10-2019 - 00:03

Published

09-10-2018 - 20:29

Last modified

03-10-2019 - 00:03