VMware released patches for vulnerabilities in its virtual machine (VM) products.
The vulnerability was found at GeekPwn2018 by a security team of the Chinese company Keen Cloud Tech.
One of the most interesting entries in the contest came from a researcher at China-based security firm Chaitin Tech, who discovered a guest-to-host escape vulnerability affecting several VMware products. He also identified a less severe information disclosure bug.
Shortly after the VM escape exploit was demonstrated, Chaitin Tech wrote on Twitter that they were able to escape VMware ESXi and get a root shell on the host system.
VMware on Tuesday informed customers it had been provided the details of the vulnerabilities and on Friday it published an advisory describing the flaws and available patches.
The vulnerabilities, tracked as CVE-2018-6981 and CVE-2018-6982, are caused by an uninitialized stack memory usage bug in the vmxnet3 virtual network adapter, VMware said.
CVE-2018-6981 affects ESXi, Fusion and Workstation products, and it can allow a guest to execute arbitrary code on the host, while CVE-2018-6982, which only impacts ESXi, can result in an information leak from the host to the guest. VMware pointed out that the vulnerabilities are only present if the vmxnet3 adapter is enabled – other adapters are not impacted.
VMware released patches and updates for the vulnerabilities.
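An inventory check for the exposure condition VMware describes (only VMs with a vmxnet3 adapter are affected), added here as an example and not taken from VMware's advisory. It assumes the usual `.vmx` keys `ethernetN.present` and `ethernetN.virtualDev`, treats a NIC with no `virtualDev` line as not vmxnet3, and runs over constructed sample configurations.

```python
import re

# Matches NIC settings such as: ethernet0.virtualDev = "vmxnet3"
_NIC_LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.IGNORECASE)


def vmxnet3_nics(vmx_text):
    """Return sorted indexes of NICs that are present and use vmxnet3."""
    nics = {}
    for line in vmx_text.splitlines():
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        m = _NIC_LINE.match(line)
        if not m:
            continue
        idx, key, value = int(m.group(1)), m.group(2).lower(), m.group(3).strip().lower()
        nics.setdefault(idx, {})[key] = value
    # Assumption: a NIC without a virtualDev line is not counted as vmxnet3.
    return sorted(
        idx for idx, cfg in nics.items()
        if cfg.get("present") == "true" and cfg.get("virtualdev") == "vmxnet3"
    )


def exposed_vms(inventory):
    """Map VM name -> vmxnet3 NIC indexes, keeping only VMs with at least one."""
    hits = {name: vmxnet3_nics(text) for name, text in inventory.items()}
    return {name: idxs for name, idxs in hits.items() if idxs}


# Constructed sample .vmx fragments (hypothetical VM names).
SAMPLE = {
    "web01": 'ethernet0.present = "TRUE"\nethernet0.virtualDev = "vmxnet3"\n',
    "db01": ('ethernet0.present = "TRUE"\nethernet0.virtualDev = "e1000"\n'
             'ethernet1.present = "FALSE"\nethernet1.virtualDev = "VMXNET3"\n'),
    "old01": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "nat"\n',
    "app01": ('# second NIC added later\n'
              'ethernet0.present = "TRUE"\nethernet0.virtualDev = "e1000e"\n'
              'Ethernet1.Present = "true"\nEthernet1.VirtualDev = "Vmxnet3"\n'),
}

if __name__ == "__main__":
    for name, idxs in sorted(exposed_vms(SAMPLE).items()):
        nic_list = ", ".join(f"ethernet{i}" for i in idxs)
        print(f"{name}: vmxnet3 on {nic_list}; patch the host per the advisory")
```

VMs the check reports run on hosts that should be prioritised for the ESXi, Fusion or Workstation updates; VMs using only other adapter types are outside the affected condition stated above.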