First published: Fri Sep 15 2017
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Fusion | >=8.0.0<8.5.8 | |
VMware Workstation | >=12.0.0<12.5.7 | |
VMware ESXi and Horizon DaaS | =6.5 | |
VMware ESXi and Horizon DaaS | =6.5-650-201701001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201703001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201703002 | |
VMware ESXi and Horizon DaaS | =6.5-650-201704001 | |
CVE-2017-4924 is considered a critical vulnerability as it allows a guest to execute code on the host system.
To fix CVE-2017-4924, apply patch ESXi650-201707101-SG to VMware ESXi 6.5, or upgrade VMware Workstation to 12.5.7 or later and VMware Fusion to 8.5.8 or later.
CVE-2017-4924 affects VMware ESXi 6.5 and versions of VMware Workstation and Fusion prior to their respective patched versions.
CVE-2017-4924 is an out-of-bounds write vulnerability found in the SVGA device within VMware products.
Yes, CVE-2017-4924 has the potential to lead to unauthorized access and execution of code on the host, which could result in a data breach.