CVE-2017-4903
published 2017-06-07CVE-2017-4903: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch…
high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | >= 8.0.0 < 8.5.6 | 8.5.6 |
| vmware | fusion_pro | — | — |
| vmware | fusion_pro | >= 8.0.0 < 8.5.6 | 8.5.6 |
| vmware | fusion_pro_fusion | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_fusion | — | — |
| vmware | vmware_workstation | — | — |
| vmware | workstation_player | — | — |
| vmware | workstation_player | >= 12.0.0 < 12.5.5 | 12.5.5 |
| vmware | workstation_pro | — | — |
| vmware | workstation_pro | >= 12.0.0 < 12.5.5 | 12.5.5 |
| vmware | workstation_pro_player | — | — |