CVE-2017-4924

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 51.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation PRO Vmware Esxi +1 more

Timeline

PublishedSep 15

Latest updateMay 13

Description

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5vmware/esxi6.5 without patch ESXi650-201707101-SG

▶NVDvmware/esxi6.5

▶NVDvmware/fusion8.0.0 — 8.5.8

▶NVDvmware/workstation_pro12.0.0 — 12.5.7

▶CVEListV5vmware/fusion8.x before 8.5.8

🔴Vulnerability Details

GHSA

GHSA-qqqq-ch5x-6hq4: VMware ESXi (ESXi 6↗2022-05-13

▶

CVEList

CVE-2017-4924: VMware ESXi (ESXi 6↗2017-09-15

▶