VMware fixed vulnerabilities in its ESXi, Workstation, and Fusion products that could lead to a denial-of-service (DoS) condition or information disclosure.
The holes are out-of-bounds read issues in the shader translator component, VMware officials said.
An attacker with regular user privileges could leverage the vulnerabilities to obtain information or crash virtual machines.
The vulnerabilities, classified as important, are tracked as CVE-2018-6965, CVE-2018-6966 and CVE-2018-6967.
VMware credited a Tencent ZhanluLab researcher who goes by “RanchoIce” for reporting the flaws. In addition, a researcher from Cisco Talos independently discovered CVE-2018-6965.
The holes affect ESXi 6.7 and Workstation 14.x running on any platform, and Fusion 10.x running on OS X, VMware said.
Patches and updates have been released for each of the affected products.
Cisco Talos published an advisory containing technical details for CVE-2018-6965. The company has assigned a CVSS score of 6.5 to this vulnerability, which puts it near the “high severity” range.