CVE-2018-6977 — Infinite Loop in Vmware Fusion

CWE-835 — Infinite Loop5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 79.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Esxi

Timeline

PublishedOct 9

Latest updateMay 13

Description

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages6 packages

▶NVDvmware/fusion10.0.0 — 10.1.5+1

▶NVDvmware/workstation14.0.0 — 14.1.5+1

▶CVEListV5vmware/esxi6.7, 6.5, 6.0

▶NVDvmware/esxi6.0, 6.5, 6.7+2

▶CVEListV5vmware/fusion11.x and 10.x

🔴Vulnerability Details

GHSA

GHSA-29m2-93j9-hrcp: VMware ESXi (6↗2022-05-13

▶

CVEList

CVE-2018-6977: VMware ESXi (6↗2018-10-09

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: VMWare Workstation DoS Vulnerability↗2018-10-09

▶

Talos

Vulnerability Spotlight: VMWare Workstation DoS Vulnerability↗2018-10-09

▶