Today, VMware has released the following new security advisory:
VMSA-2018-0025 – VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability
This advisory documents an important-severity denial-of-service vulnerability that affects VMware ESXi, Workstation and Fusion. The issue arises from an infinite loop in the 3D-rendering shader. Successful exploitation may allow an attacker with normal user privileges in the guest to make the VM unresponsive and, in some cases, may result in other VMs on the host or the host itself becoming unresponsive. The issue can only be exploited if the 3D-acceleration feature is enabled.
The 3D-acceleration feature is enabled by default on Workstation and Fusion. On ESXi, this feature is not enabled by default; the same is true for Horizon 6 & 7, Horizon DaaS Platform for Service Providers, and VMC on AWS.
Because many graphics APIs and hardware lack pre-emption support, a specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device. Such a shader cannot always be validated by VMware hypervisors, since it may be well-formed but still cause problems if designed to run for an extremely long time. In such cases, VMware hypervisors rely on the host’s graphics driver to ensure that other users of 3D graphics on the host are not impacted by the malicious VM. However, many graphics drivers may themselves get into a denial-of-service condition caused by such infinite shaders, and as a result other VMs or processes running on the host might also be affected.
There is no patch for this issue; customers must review their risk and apply the workarounds if applicable. We have released workarounds, which are documented in VMSA-2018-0025.
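Because exposure depends on whether 3D acceleration is enabled for a VM, a risk review can start with an inventory of VM configuration files. The following is an added example, not code from VMware or from the advisory: it assumes the setting is stored in each `.vmx` file under the key `mks.enable3d` (a name not given on this page), and the sample content is constructed. The authoritative workaround steps remain those in VMSA-2018-0025.

```python
import re
import sys
from pathlib import Path

# Key not named on this page; assumed here as the VMX setting for 3D acceleration.
KEY_3D = "mks.enable3d"
VMX_LINE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')

# Constructed sample VMX content, for illustration only.
SAMPLE_VMX = '''.encoding = "UTF-8"
displayName = "build-agent-01"
# mks.enable3D = "FALSE"
mks.enable3D = "TRUE"
'''


def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)  # comment lines start with '#' and never match
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def accel3d_state(text):
    """Classify the 3D setting as 'enabled', 'disabled', 'unset' or 'unknown'."""
    value = parse_vmx(text).get(KEY_3D)
    if value is None:
        return "unset"  # no explicit value in the file; confirm in the product UI
    return {"true": "enabled", "false": "disabled"}.get(value.strip().lower(), "unknown")


def audit(root):
    """Return sorted (path, state) pairs for every .vmx file under root."""
    results = []
    for path in sorted(Path(root).rglob("*.vmx")):
        text = path.read_text(encoding="utf-8", errors="replace")
        results.append((str(path), accel3d_state(text)))
    return results


if __name__ == "__main__":
    # Print every VM whose file does not explicitly disable 3D acceleration.
    for path, state in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        if state != "disabled":
            print(f"{state:8} {path}")
```

Run it against the directory that holds the VM folders; anything reported as `unset` or `unknown` should be checked in the VM's display settings rather than assumed safe.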
We would like to thank Piotr Bania of Cisco Talos for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Also, we wanted to make you aware that Intel has released a security bulletin entitled “INTEL-SA-00166 – Multiple potential security vulnerabilities in Intel Graphics Drivers may allow escalation of privilege or denial of service. Intel is releasing Intel Graphics Driver updates to mitigate these potential vulnerabilities”.
It documents the remediation of CVE-2018-12152, CVE-2018-12153 and CVE-2018-12154. These issues have been shown to affect VMware Workstation running on Windows. Therefore, we wanted to make sure you are informed of these issues so that they can be appropriately mitigated by the updates that Intel has provided in INTEL-SA-00166.
Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance.