VMware Patches Critical Guest-to-Host Escape Issue in ESXi, Workstation, Fusion

[silversurfer]

According to VMware's security announcement, the products affected are VMWare vSphere ESXi (ESXi), VMware Workstation Pro / Player (Workstation), and VMware Fusion Pro, Fusion (Fusion).

"VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host," says VMware's VMSA-2018-0027 advisory.

It's also important to mention that according to VMware "The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue."

The CVE-2018-6981 security issue was initially reported by GeekPwn2018's organizers and Chaitin Tech's security researcher Zhangyanyu.

Source: https://news.softpedia.com/news/vmware-p...3712.shtml