CVE-2018-6977

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
vmwareesxi
6.0
vmwareesxi
6.5
vmwareesxi
6.7
vmwareworkstation
14.0.0 ≤
𝑥
≤ 14.1.5
vmwareworkstation
15.0.0 ≤
𝑥
≤ 15.0.2
vmwarefusion
10.0.0 ≤
𝑥
≤ 10.1.5
vmwarefusion
11.0.0 ≤
𝑥
≤ 11.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105549
http://www.securitytracker.com/id/1041821
http://www.securitytracker.com/id/1041822
https://www.vmware.com/security/advisories/VMSA-2018-0025.html
http://www.securityfocus.com/bid/105549
http://www.securitytracker.com/id/1041821
http://www.securitytracker.com/id/1041822
https://www.vmware.com/security/advisories/VMSA-2018-0025.html