VMware released critical security updates this past Friday to fix critical vulnerabilities in ESXi, Workstation and Fusion.
Affected products include VMware vSphere ESXi (ESXi), VMware Workstation Pro / Player (Workstation) and
VMware Fusion Pro, Fusion (Fusion).
The update addresses two uninitialized stack memory usage vulnerabilities CVE-2018-6981 and CVE-2018-6982.
Each of the issues is related to vmxnet3 uninitialized stack memory usage:
“VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.”