
cv-announce-l - [cv-announce-l] VMware Vulnerability (CVE-2018-6974)


cv-announce-l@list.iu.edu

Subject: cv alerts list

  • From: Andrew K Adams <akadams@psc.edu>
  • To: cv-announce@trustedci.org
  • Cc: "Andrew K. Adams" <akadams@psc.edu>
  • Subject: [cv-announce-l] VMware Vulnerability (CVE-2018-6974)
  • Date: Fri, 19 Oct 2018 11:15:29 -0400

CI Operators:


An out-of-bounds read vulnerability [1][2] has been found that affects VMware ESXi 6.7, 6.5, and 6.0, Workstation 14.x, and Fusion 10.x. Currently, little information has been reported on this vulnerability other than that it is in the SVGA device.


Impact:

A malicious actor in a guest may be able to exploit the vulnerability to execute code on the host.


Recommendation:

Apply patches based on the version and VMware product being used.

* ESXi 6.7 https://my.vmware.com/group/vmware/patch

* ESXi 6.5 https://my.vmware.com/group/vmware/patch

* ESXi 6.0 https://my.vmware.com/group/vmware/patch

* Workstation Pro 14.1.3 https://www.vmware.com/go/downloadworkstation

* Workstation Player 14.1.3 https://www.vmware.com/go/downloadplayer

* Fusion Pro / Fusion 10.1.3 https://www.vmware.com/go/downloadfusion


Affected Software:

* VMware ESXi 6.7 (before ESXi670-201810101-SG), 6.5 (before ESXi650-201808401-BG), and 6.0 (before ESXi600-201808401-BG)

* VMware Workstation 14.x (before 14.1.3)

* VMware Fusion 10.x (before 10.1.3)


References:

[1] https://www.vmware.com/security/advisories/VMSA-2018-0026.html

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6974


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI (formerly CTSC) cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
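
An inventory triage check built from the Affected Software list above, added here as an example and not part of the original advisory or of any Trusted CI or VMware tooling. The host names, inventory rows and function names are constructed for illustration, and it assumes that an ESXi host lacking the exact bulletin ID named in the advisory should go to manual review rather than be judged automatically.

```python
import re

# Thresholds copied from the advisory: product -> (affected major, first fixed version).
FIXED_VERSION = {"workstation": (14, (14, 1, 3)), "fusion": (10, (10, 1, 3))}
# ESXi release -> bulletin ID the advisory names as the fix.
ESXI_BULLETIN = {
    "6.7": "ESXi670-201810101-SG",
    "6.5": "ESXi650-201808401-BG",
    "6.0": "ESXi600-201808401-BG",
}

def parse_version(text):
    """Turn '14.1.10' into (14, 1, 10) so comparison is numeric, not lexical."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in text.split("."))

def triage(product, version, bulletins=()):
    """Return 'affected', 'patched', 'review' or 'not-listed' for one install."""
    product = product.lower().split()[0]  # 'Workstation Pro' -> 'workstation'
    if product == "esxi":
        release = ".".join(version.split(".")[:2])
        wanted = ESXI_BULLETIN.get(release)
        if wanted is None:
            return "not-listed"
        # Assumption: only the exact bulletin ID counts as patched here; a host
        # carrying some other bulletin is flagged for manual review instead.
        return "patched" if wanted in bulletins else "review"
    if product not in FIXED_VERSION:
        return "not-listed"
    major, fixed = FIXED_VERSION[product]
    parsed = parse_version(version)
    if parsed[0] != major:  # the advisory only lists 14.x and 10.x
        return "not-listed"
    return "affected" if parsed < fixed else "patched"

# Constructed inventory rows: (host, product, version, installed bulletin IDs).
INVENTORY = [
    ("lab-ws1", "Workstation Pro", "14.1.2", ()),
    ("lab-ws2", "Workstation Player", "14.1.10", ()),
    ("mac-07", "Fusion", "10.1.3", ()),
    ("esx-a", "ESXi", "6.7.0", ("ESXi670-201810101-SG",)),
    ("esx-b", "ESXi", "6.5.0", ()),
]

def report(inventory=INVENTORY):
    return {host: triage(p, v, b) for host, p, v, b in inventory}

if __name__ == "__main__":
    print(report())
```

A result of `not-listed` means only that the advisory does not name that release, not that the release has been verified as unaffected.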



