==================================================================== CERT-Renater Note d'Information No. 2018/VULN332 _____________________________________________________________________ DATE : 17/10/2018 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware ESXi, VMware Workstation, VMware Fusion. ===================================================================== https://lists.vmware.com/pipermail/security-announce/2018/000439.html _____________________________________________________________________ - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2018-0026 Severity: Critical Synopsis: VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability Issue date: 2018-10-16 Updated on: 2018-10-16 (Initial Advisory) CVE number: CVE-2018-6974 1. Summary VMware ESXi, Workstation, and Fusion updates address an out-of- bounds read vulnerability 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Fusion Pro / Fusion (Fusion) VMware Workstation Pro / Player (Workstation) 3. Problem Description Out-of-bounds read vulnerability in SVGA Device VMware ESXi, Fusion and Workstation contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6974 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply patch Workaround ========== ======= ====== ======== ============= =========== ESXi 6.7 ESXi Critical ESXi670-201810101-SG None ESXi 6.5 ESXi Critical ESXi650-201808401-BG None ESXi 6.0 ESXi Critical ESXi600-201808401-BG None ESXi 5.5 ESXi not affected n/a n/a Workstation 15.x Any not affected n/a n/a Workstation 14.x Any Critical 14.1.3 None Fusion 11.x OS X not affected n/a n/a Fusion 10.x OS X Critical 10.1.3 None 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 6.7 ------------- Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-671-release-n otes.html ESXi 6.5 ------------- Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/56547 ESXi 6.0 ------------- Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/56552 VMware Workstation Pro 14.1.3 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 14.1.3 Downloads and Documentation: https://www.vmware.com/go/downloadplayer https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion Pro / Fusion 10.1.3 Downloads and Documentation: https://www.vmware.com/go/downloadfusion https://docs.vmware.com/en/VMware-Fusion/index.html 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6974 - ------------------------------------------------------------------------ 6. Change log VMSA-2018-0026 2018-10-16 Initial security advisory in conjunction with the release of ESXi 6.7 patch on 2018-10-16 - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================