Update November 9, 2018 – Release of VMware Security Advisory VMSA-2018-0027

Today, VMware has released the following new security advisory:

VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

The advisory documents the remediation of the critical and important security vulnerabilities that were demonstrated in the GeekPwn2018 event. These issues affect ESXi, VMware Workstation, and VMware Fusion, and may allow a guest to execute code on the host.

Customers should review the security advisory and direct any questions to VMware Support.

Original post

VMware is aware of the security vulnerability that was demonstrated at the GeekPwn2018 event. We have been in contact with the organizers of GeekPwn2018 and they have provided us with the details of the issue. We are actively working on its remediation and we plan on publishing a VMware Security Advisory to provide information on updates for affected products.

Please sign up for VMware Security Advisories (here) to be notified when this advisory and future advisories are published.

We would like to thank the organizers of GeekPwn2018 and security researcher Zhangyanyu for working with us on responsible disclosure of this issue.