CVE-2018-6974Out-of-bounds Read in Vmware Fusion

CWE-125Out-of-bounds Read3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 81.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Esxi
Timeline
PublishedOct 16
Latest updateMay 14

Description

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages6 packages

NVDvmware/fusion10.010.1.3
NVDvmware/workstation14.014.1.3
CVEListV5vmware/esxi6.0 before ESXi600-201808401-BG, 6.5 before ESXi650-201808401-BG, 6.7 before ESXi670-201810101-SG+2
NVDvmware/esxi6.0, 6.5, 6.7+2
CVEListV5vmware/fusion10.x before 10.1.3

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-5vq3-72qx-fm2c: VMware ESXi (62022-05-14
CVEList
CVE-2018-6974: VMware ESXi (62018-10-16
CVE-2018-6974 — Out-of-bounds Read in Vmware Fusion | cvebase