10 October 18, 13:04
(This post was last modified: 10 October 18, 13:06 by silversurfer.)
Quote:VMware published an advisory with workarounds for a denial-of-service vulnerability in its vSphere ESXi, Workstation (Pro / Player), and VMware Fusion (Fusion Pro) products discovered by Cisco Talos's Piotr Bania and exploitable when the 3D-acceleration feature is enabled.
According to VMware 3D-acceleration is not enabled by default on VMware vSphere ESXi, but it comes toggled on all versions of VMware Workstation and VMware Fusion.
According to VMware advisory, the vulnerability will trigger a denial-of-service because of an infinite loop caused by a maliciously crafted 3D-rendering shader.
Furthermore, according to Cisco Talos, the malformed pixel shader can be provided by a potential attacker in either binary or text form to the target within a VMware guest operating system.
Source: https://news.softpedia.com/news/vmware-w...3150.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
