Today, VMware has released the following new security advisory:
The advisory documents the remediation of a Critical severity out-of-bounds read vulnerability (CVE-2018-6974) in VMware ESXi, Workstation, and Fusion. The issue exists in SVGA device and may allow a guest to execute code on the host.
We would like to thank Anonymous working with Trend Micro’s Zero Day Initiative for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisory and direct any questions to VMware Support.