CVE-2018-6981Use of Uninitialized Resource in Vmware Fusion

CWE-908Use of Uninitialized Resource5 documents4 sources
Severity
8.8HIGHNVD
EPSS
6.9%
top 8.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Esxi
Timeline
PublishedDec 4
Latest updateMay 13

Description

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

NVDvmware/esxi6.0, 6.5, 6.7+2
NVDvmware/fusion10.0.010.1.4+1
NVDvmware/workstation14.0.014.1.4+1

🔴Vulnerability Details

2
GHSA
GHSA-gg2h-7m29-p3rh: VMware ESXi 62022-05-13
CVEList
CVE-2018-6981: VMware ESXi 62018-12-04

🕵️Threat Intelligence

1
Tenable
VMware Issues Security Advisory for Guest-to-Host Escape Vulnerability (CVE-2018-6981)2018-11-12
CVE-2018-6981 — Use of Uninitialized Resource in Vmware | cvebase