VMware issues patch for a critical arbitrary code execution vulnerability in the SVGA virtual graphics card
VMware has released a patch for a critical-rated bug that affects the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products. The vulnerability could allow attackers to execute arbitrary code on a targeted host.
The vulnerability was assigned CVE-2018-6974 and is described as an out-of-bounds vulnerability, according to the security advisory released by VMware.
The vulnerability was discovered by an anonymous researcher, who notified VMware of the details through Trend Micro’s Zero Day Initiative (ZDI). The flaw was reported to VMware in mid-June this year.
About the vulnerability
According to the ZDI advisory, the vulnerability is a heap-based buffer overflow that allows an attacker with local access and minimal privileges on the targeted system to escalate permissions and execute arbitrary code.
“The specific flaw exists within the handling of virtualized SVGA,” ZDI said. “The issue results from the lack of proper validation of user-supplied data, which can result in an overflow of a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.”
The same anonymous researcher also reported CVE-2018-6973, an out-of-bounds vulnerability in the e1000 virtual network adapter used by VMware Workstation and Fusion. It was reported on the same day as CVE-2018-6974. While VMware classified both vulnerabilities as critical, ZDI assigned them a vulnerability score of 6.5.
The patch for CVE-2018-6973 was released in mid-August, so patches are now available for both critical vulnerabilities.
Two other important vulnerabilities, a denial-of-service (DoS) bug and a SAML authentication bypass, both discovered by Cisco Talos researchers, were patched by VMware earlier this month. The former affected Workstation, ESXi and Fusion, while the latter affected the Workspace ONE Unified Endpoint Management Console.