VMware released updates for VMware Workstation and VMware Player that fix a security vulnerability that attackers could use to host privilege escalation on Linux-based devices.
VMware Workstation for Linux 9.x prior to version 9.0.3 and VMware Player for Linux 5.x prior to version 5.0.3 suffer from the issue, according to the advisory published by the company. Fusion, ESX and ESXi do not have the problem.
The issue (CVE-2013-5972), which is the result of the way shared libraries end up handled, could allow a local attacker to escalate his privileges to root.
“The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa,” VMware said.
Workstation and Player customers should update their installations to versions 9.0.3 and 5.0.3, respectively as soon as possible.