CVE-2021-21997
First published: Fri Jun 18 2021(Updated: )
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Tools | >=11.0.0<11.3.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this VMware Tools for Windows vulnerability?
The vulnerability ID for this VMware Tools for Windows vulnerability is CVE-2021-21997.
What is the severity rating for CVE-2021-21997?
The severity rating for CVE-2021-21997 is medium.
How can a malicious actor exploit CVE-2021-21997?
A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service.
What is the affected software for CVE-2021-21997?
The affected software for CVE-2021-21997 is VMware Tools for Windows versions prior to 11.3.0.
How can I fix CVE-2021-21997?
To fix CVE-2021-21997, update VMware Tools for Windows to version 11.3.0 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware tools
- version/vmware tools/11.0.0
- vendor/microsoft
- canonical/microsoft windows