CVE-2017-4903

Summary

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.

Affected Software

VendorProductVersion RangeStatus
VMwareESXi6.5 without patch ESXi650-201703410-SGaffected
VMwareESXi6.0 U3 without patch ESXi600-201703401-SGaffected
VMwareESXi6.0 U2 without patch ESXi600-201703403-SGaffected
VMwareESXi6.0 U1 without patch ESXi600-201703402-SGaffected
VMwareESXi5.5 without patch ESXi550-201703401-SGaffected
VMwareWorkstation Pro / Player12.x prior to 12.5.5affected
VMwareFusion Pro / Fusion8.x prior to 8.5.6affected

Weaknesses

  • Uninitialized Stack Memory Usage

ADP Enrichment

CVE Program Container

Additional References

References