cnvd - cnvd-2018-20450

cnvd-2018-20450

Vulnerability from cnvd

Title: VMware ESXi, Workstation and Fusion拒绝服务漏洞

Description:

VMware ESXi、Workstation和Fusion都是美国威睿（VMware）公司的产品。VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台；VMware Workstation是一套虚拟机软件；Fusion是一套专用于在苹果机（Mac）上运行Windows应用程序的的虚拟机软件。

VMware ESXi, Workstation, and Fusion存在拒绝服务漏洞，成功利用此漏洞可能允许在guest虚拟机中具有普通用户权限的攻击者使VM无响应，并且在某些情况下，可能导致主机上的其他VM或主机本身无响应。

Severity: 中

Patch Name: VMware ESXi, Workstation and Fusion拒绝服务漏洞的补丁

Patch Description:

VMware ESXi, Workstation, and Fusion存在拒绝服务漏洞，成功利用此漏洞可能允许在guest虚拟机中具有普通用户权限的攻击者使VM无响应，并且在某些情况下，可能导致主机上的其他VM或主机本身无响应。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： https://www.vmware.com/security/advisories/VMSA-2018-0025.html

Reference: https://www.vmware.com/security/advisories/VMSA-2018-0025.html

Impacted products

Name
['VMware vSphere ESXi (ESXi)', 'VMware Workstation Pro / Player (Workstation)', 'VMware Fusion Pro', 'VMware Fusion (Fusion)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6977"
    }
  },
  "description": "VMware ESXi\u3001Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware ESXi\u662f\u4e00\u5957\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u670d\u52a1\u5668\u865a\u62df\u5316\u5e73\u53f0\uff1bVMware Workstation\u662f\u4e00\u5957\u865a\u62df\u673a\u8f6f\u4ef6\uff1bFusion\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware ESXi, Workstation, and Fusion\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u5728guest\u865a\u62df\u673a\u4e2d\u5177\u6709\u666e\u901a\u7528\u6237\u6743\u9650\u7684\u653b\u51fb\u8005\u4f7fVM\u65e0\u54cd\u5e94\uff0c\u5e76\u4e14\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u53ef\u80fd\u5bfc\u81f4\u4e3b\u673a\u4e0a\u7684\u5176\u4ed6VM\u6216\u4e3b\u673a\u672c\u8eab\u65e0\u54cd\u5e94\u3002",
  "discovererName": "Cisco Talos\u7684Piotr Bania",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2018-0025.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20450",
  "openTime": "2018-10-10",
  "patchDescription": "VMware ESXi\u3001Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware ESXi\u662f\u4e00\u5957\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u670d\u52a1\u5668\u865a\u62df\u5316\u5e73\u53f0\uff1bVMware Workstation\u662f\u4e00\u5957\u865a\u62df\u673a\u8f6f\u4ef6\uff1bFusion\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware ESXi, Workstation, and Fusion\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u5728guest\u865a\u62df\u673a\u4e2d\u5177\u6709\u666e\u901a\u7528\u6237\u6743\u9650\u7684\u653b\u51fb\u8005\u4f7fVM\u65e0\u54cd\u5e94\uff0c\u5e76\u4e14\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u53ef\u80fd\u5bfc\u81f4\u4e3b\u673a\u4e0a\u7684\u5176\u4ed6VM\u6216\u4e3b\u673a\u672c\u8eab\u65e0\u54cd\u5e94\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware ESXi, Workstation and Fusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware vSphere ESXi (ESXi)",
      "VMware Workstation Pro / Player (Workstation)",
      "VMware Fusion Pro",
      "VMware  Fusion (Fusion)"
    ]
  },
  "referenceLink": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-10",
  "title": "VMware ESXi, Workstation and Fusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-6977 (GCVE-0-2018-6977)

Vulnerability from cvelistv5

Published

2018-10-09 20:00

Modified

2024-09-16 20:26

Severity ?

CWE

Denial-of-service vulnerability

Summary

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/105549	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1041821	vdb-entry, x_refsource_SECTRACK
	https://www.vmware.com/security/advisories/VMSA-2018-0025.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041822	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

VMware

ESXi

Version: 6.7, 6.5, 6.0

	VMware	Workstation	Version: 15.x and 14.x
	VMware	Fusion	Version: 11.x and 10.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105549",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105549"
          },
          {
            "name": "1041821",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
          },
          {
            "name": "1041822",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041822"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ESXi",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "6.7, 6.5, 6.0"
            }
          ]
        },
        {
          "product": "Workstation",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "15.x and 14.x"
            }
          ]
        },
        {
          "product": "Fusion",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "11.x and 10.x"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "105549",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105549"
        },
        {
          "name": "1041821",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
        },
        {
          "name": "1041822",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041822"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2018-10-09T00:00:00",
          "ID": "CVE-2018-6977",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ESXi",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.7, 6.5, 6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "15.x and 14.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fusion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "11.x and 10.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial-of-service vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105549",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105549"
            },
            {
              "name": "1041821",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041821"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
            },
            {
              "name": "1041822",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041822"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2018-6977",
    "datePublished": "2018-10-09T20:00:00Z",
    "dateReserved": "2018-02-14T00:00:00",
    "dateUpdated": "2024-09-16T20:26:19.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted