CVE-2018-6977

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

Published: Oct 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-6977
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
vmware / esxi	6.5	6.5.x
vmware / esxi	6.0	6.0.x
vmware / esxi	6.7	6.7.x
vmware / workstation	14.0.0	14.1.5.x
vmware / workstation	15.0.0	15.0.2.x
vmware / fusion	10.0.0	10.1.5.x
vmware / fusion	11.0.0	11.0.2.x

http://www.securityfocus.com/bid/105549
http://www.securitytracker.com/id/1041821
http://www.securitytracker.com/id/1041822
https://www.vmware.com/security/advisories/VMSA-2018-0025.html

Vulnerability Database

289,697

CVE-2018-6977