- Home
- CVEs with nessus.description==a. ESXi, Workstation, Fusion SVGA memory corruption
ESXi, Workstation, Fusion have a heap buffer overflow and
uninitialized stack memory usage in SVGA. These issues may allow
a guest to execute code on the host.
VMware would like to thank ZDI and Team 360 Security from Qihoo for
reporting these issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifiers CVE-2017-4902 (heap issue) and
CVE-2017-4903 (stack issue) to these issues.
Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902.
b. ESXi, Workstation, Fusion XHCI uninitialized memory usage
The ESXi, Workstation, and Fusion XHCI controller has uninitialized
memory usage. This issue may allow a guest to execute code on
the host. The issue is reduced to a Denial of Service of the guest
on ESXi 5.5.
VMware would like to thank ZDI and Team Sniper from Tencent Security
for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4904 to this issue.
c. ESXi, Workstation, Fusion uninitialized memory usage
ESXi, Workstation, and Fusion have uninitialized memory usage. This
issue may lead to an information leak.
VMware would like to thank ZDI and Team Sniper from Tencent Security
for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4905 to this issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top