VMware patched two security issues in the VMware Workstation Pro/Player, includes an insecure library loading vulnerability via ALSA sound driver configuration files. If the attacker was able to exploit this issue, it might allow unprivileged host users to escalate their privileges to root in a Linux host machine. Another security flaw is a NULL pointer dereference issue that exists in the vstor2 driver. An attacker with regular host user privileges can exploit the vulnerability to cause a Denial Of Service condition on the host machine.
An important security issue (tracked as CVE-2017-4915) discovered by Jann Horn of Google Project Zero and, affects the Workstation Pro and Player 12.x on Linux.
Replace with/ Apply Patch: 12.5.6
The other security issue (tracked as CVE-2017-4916) discovered by Borja Merino (a security researcher from Spain) and, affects the Workstation Pro and Player 12.x on Windows.