Update 2017-09-15: Corrected the affected underlying component from SVGA driver to SVGA device.
Today VMware has released the following new security advisory:
“VMSA-2017-0015.1 – VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities”
This documents the remediation of a critical severity issue (CVE-2017-4924) and two moderate severity issues (CVE-2017-4925 and CVE-2017-4926). These issues affect VMware ESXi, VMware Workstation, VMware Fusion and VMware vCenter Server.
Issue (a) CVE-2017-4924 is an out-of-bounds write vulnerability in the SVGA device which may allow a guest to execute code on the host. This issue affects ESXi 6.5, Fusion and Workstation. It has been addressed through an ESXi 6.5 patch, and in Fusion 8.5.8 and Workstation 12.5.7. ESXi 6.0 and 5.x are not affected.
Issue (b) CVE-2017-4925 is a NULL pointer dereference vulnerability that occurs when handling guest RPC requests. This may allow attackers with normal user privileges to crash their VMs. ESXi, Fusion and Workstation are affected. Fusion 8.5.4 and Workstation 12.5.3 fix this issue. Please refer to VMSA-2017-0015 for ESXi 6.5, 6.0 and 5.5 patches.
Issue (c) CVE-2017-4926 is a stored XSS vulnerability in the H5 Client and affects only VMware vCenter Server 6.5. An attacker with VC user privileges can inject malicious JavaScript, which will be executed when other VC users access the page. vCenter Server 6.5 U1 fixes this issue.
We would like to thank Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG (haftungsbeschraenkt) working with ZDI, Zhang Haitao, and Thomas Ornetzeder for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.