VMware critical security updates for ESXi, Workstation and Fusion

VMware released critical security updates this past Friday to fix critical vulnerabilities in ESXi, Workstation and Fusion. 

Affected products include VMware vSphere ESXi (ESXi), VMware Workstation Pro / Player (Workstation) and 
VMware Fusion Pro, Fusion (Fusion).

The update addresses two uninitialized stack memory usage vulnerabilities CVE-2018-6981 and CVE-2018-6982.

Each of the issues is related to vmxnet3 uninitialized stack memory usage:

“VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.”

Leave a Reply