
VMware issues advisory for a DoS vulnerability

VMware issued a security advisory for an “important-rated” denial of service (DoS) vulnerability.

The issue, CVE-2018-6977, affects VMware’s vSphere ESXi, Workstation Pro/Player and Fusion Pro, and is due to the ability to create an infinite loop in 3D rendering. An attacker who already has normal user privileges as a guest can trigger it by inserting a specially crafted 3D shader designed to loop for an infinite amount of time, effectively locking up the VM’s virtual graphics device. VMware's hypervisor may miss a malicious shader if it is particularly well formed, the company said in its advisory.

A patch has not been issued for this problem, but a workaround is to disable the 3D-acceleration feature, as the bug can only be exploited if that feature is operational.
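To check where the workaround still needs to be applied, the following added example (not from VMware's advisory or this article) scans a directory tree of `.vmx` files and reports each VM's 3D-acceleration state. It assumes the setting is stored under the `.vmx` key `mks.enable3d` and that key names are matched case-insensitively; the sample files are constructed.

```python
import re
from pathlib import Path

# Assumption: mks.enable3d is the .vmx key behind the 3D-acceleration setting.
KEY = "mks.enable3d"
# Matches lines of the form: key = "value"
LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?(.*?)"?\s*$')

def parse_vmx(text):
    """Return a dict of lower-cased keys to values; later entries win."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def accel_3d_state(text):
    """Classify a .vmx file as 'enabled', 'disabled' or 'unset'."""
    value = parse_vmx(text).get(KEY)
    if value is None:
        return "unset"  # the product default applies; verify it per product
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(root):
    """Map every .vmx path under root to its 3D-acceleration state."""
    return {str(p): accel_3d_state(p.read_text(errors="replace"))
            for p in Path(root).rglob("*.vmx")}

# Constructed sample configuration files, not taken from a real host.
SAMPLE_ENABLED = 'displayName = "build-agent"\nmks.enable3d = "TRUE"\n'
SAMPLE_DISABLED = 'displayName = "db01"\nmks.enable3D = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "legacy"\nsvga.vramSize = "8388608"\n'

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, state in sorted(audit(root).items()):
        print(f"{state:8} {path}")
```

VMs reported as `unset` fall back to the product default, so treat them as needing a manual check rather than as safe.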
