

VMware and the Tianfu Cup PWN Contest

Update November 22, 2018 – Release of VMware Security Advisory VMSA-2018-0030
Today VMware has released the following new security advisory:

VMSA-2018-0030 – VMware Workstation and Fusion updates address an integer overflow issue.

The advisory documents the remediation of the critical-severity vulnerability that was demonstrated at the Tianfu Cup PWN Contest.
This issue affects VMware Workstation and VMware Fusion and may allow a guest to execute code on the host.

Customers should review the security advisory and direct any questions to VMware Support.

Update November 17, 2018
The Tianfu Cup PWN Contest has wrapped up after Day 2. No additional teams targeted VMware Workstation on Day 2.

We are actively working on remediation of the issue reported on Day 1 for VMware Workstation and Fusion.
VMware vSphere ESXi is unaffected.
We plan on publishing a VMware Security Advisory to provide information on updates for affected products.
As always, please sign up for our VMware Security Advisories here for new and updated information.

Update November 16, 2018
Day 1 of the Tianfu Cup PWN Contest has finished in Chengdu. VMware Workstation is a target at this competition.

One researcher has shown that he could execute code on the VMware Workstation host from the guest. We received the details and are currently investigating the issue. We are actively working on its remediation, and we plan on publishing a VMware Security Advisory to provide information on updates for affected products.

We would like to thank the Tianfu Cup organisers and VictorV for working with us to address the issue.

Original Post
We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China, to review any vulnerabilities that may be demonstrated during the contest.

We would like to thank the organisers for inviting us to attend. Stay tuned for further updates.

As always, please sign up for our VMware Security Advisories here for new and updated information.