CVE-2018-6974: VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and…

high8.8CVSS 3.1

AVLACLPRLUINSCCHIHAH

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
vmware	esxi	—	—
vmware	esxi	—	—
vmware	esxi	—	—
vmware	esxi	—	—
vmware	esxi	—	—
vmware	esxi	—	—
vmware	fusion	—	—
vmware	fusion	>= 10.0 < 10.1.3	10.1.3
vmware	fusion_pro	—	—
vmware	vmware_esxi	—	—
vmware	vmware_fusion	—	—
vmware	vmware_vsphere	—	—
vmware	vmware_workstation	—	—
vmware	workstation	—	—
vmware	workstation	>= 14.0 < 14.1.3	14.1.3
vmware	workstation_player	—	—
vmware	workstation_pro	—	—