CVE-2017-4925

Summary

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Affected Software

VendorProductVersion RangeStatus
VMwareESXi6.5 without patch ESXi650-201707101-SGaffected
VMwareESXi6.0 without patch ESXi600-201706101-SGaffected
VMwareESXi5.5 without patch ESXi550-201709101-SGaffected
VMwareWorkstation12.x before 12.5.3affected
VMwareFusion8.x before 8.5.4affected

Weaknesses

  • NULL pointer dereference vulnerability

ADP Enrichment

CVE Program Container

Additional References

References