Home News Vmware vulnerabilities have been patched

Vmware vulnerabilities have been patched

by Unallocated Author

VMware patched two security issues in the VMware Workstation Pro/Player, includes an insecure library loading vulnerability via ALSA sound driver configuration files. If the attacker was able to exploit this issue, it might allow unprivileged host users to escalate their privileges to root in a Linux host machine. Another security flaw is a NULL pointer dereference issue that exists in the vstor2 driver. An attacker with regular host user privileges can exploit the vulnerability to cause a Denial Of Service condition on the host machine.

An important security issue (tracked as CVE-2017-4915) discovered by Jann Horn of Google Project Zero and, affects the Workstation Pro and Player 12.x on Linux.

Product: Workstation Pro
Version: 12.x
Running on: Linux
Severity: Important

Replace with/ Apply Patch: 12.5.6

The other security issue (tracked as CVE-2017-4916) discovered by Borja Merino (a security researcher from Spain) and, affects the Workstation Pro and Player 12.x on Windows.

Product: Workstation Pro
Version: 12.x
Running on: Windows
Severity: Moderate
Replace with/ Apply Patch: 12.5.6
The security bugs have been patched with the release of VMware Workstation 12.5.6. VMware is advising users to update the software to the most recent version, 12.5.6, to patch both issues.

You may also like