VMware released a patch fixing a critical arbitrary code execution vulnerability in the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products.
ESXi, Fusion and Workstation are affected by an out-of-bounds read vulnerability in the SVGA device.
The flaw, tracked as CVE-2018-6974, can be exploited by a malicious guest to execute arbitrary code on the host, VMware said in an advisory.
The vulnerability was reported to VMware by an anonymous researcher through Trend Micro’s Zero Day Initiative (ZDI).
ZDI’s advisory describes the security hole as a heap-based buffer overflow that allows a local attacker with low privileges on the system to escalate privileges and execute arbitrary code. ZDI said the flaw was reported to VMware in mid-June.
“The specific flaw exists within the handling of virtualized SVGA,” ZDI said. “The issue results from the lack of proper validation of user-supplied data, which can result in an overflow of a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.”