VMware issued a security advisory for an “important-rated” denial of service (DoS) vulnerability.
The issue, CVE-2018-6977, affects VMware’s vSphere ESXi, Workstation Pro/Player and Fusion Pro, and is due to the ability to create an infinite loop in a 3D-rendering shader. An attacker who already has normal user privileges as a guest can trigger it by inserting a specially crafted 3D shader designed to loop indefinitely, effectively locking up the VM’s virtual graphics device. VMware’s hypervisor may miss a malicious shader if it is particularly well formed, the company said in its advisory.
A patch has not been issued for this problem, but a workaround is to disable the 3D-acceleration feature, as the bug can only be exploited if that feature is operational.
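
To confirm the workaround is in place across a set of VMs, the per-VM configuration can be audited. The following is an added example, not code from VMware or from the original article; it assumes 3D acceleration is controlled by the `mks.enable3d` key in each VM's .vmx file, and the sample file names and contents are constructed.

```python
import re

# Assumption: the per-VM 3D-acceleration switch is the mks.enable3d key in the .vmx file.
KEY = "mks.enable3d"
# key = "value" lines; quotes around the value are treated as optional here.
LINE_RE = re.compile(r'^\s*([^\s=#]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vmx(text):
    """Parse .vmx text into {lower-cased key: value}. If a key repeats,
    this script keeps the last value it sees."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def accel3d_state(text):
    """Return 'enabled', 'disabled', or 'unset' (key absent, so the
    product's default applies and needs a manual check)."""
    value = parse_vmx(text).get(KEY)
    if value is None:
        return "unset"
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(vmx_files):
    """Return {name: state} for every VM where 3D acceleration is not
    explicitly disabled, i.e. where the workaround is not confirmed."""
    return {name: state for name, text in vmx_files.items()
            if (state := accel3d_state(text)) != "disabled"}

# Constructed sample .vmx contents (not taken from any real system).
SAMPLES = {
    "dev-win10.vmx": 'displayName = "dev-win10"\nmks.enable3d = "TRUE"\n',
    "build-linux.vmx": 'displayName = "build-linux"\nmks.enable3D = "FALSE"\n',
    "legacy.vmx": '# no 3D key set\ndisplayName = "legacy"\nmemsize = "2048"\n',
}

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLES).items()):
        print(f"{name}: 3D acceleration {state}")
```

VMs reported as `unset` rely on the product default, so they should be checked in the product's VM settings rather than assumed safe.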