VMware ESXi, Workstation, and Fusion contain an out-of-bounds write vulnerability in SVGA device. This flaw may enable an attacker to execute code on the host.
The issue rated critical, tracked as CVE-2017-4924, is an out-of-bounds write flaw in the SVGA device, which is an old virtual graphics card implemented by VMware virtualization products.
The flaw has been discovered by Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG, they reported it to VMware via the Zero Day Initiative (ZDI) on June 22.
ZDI pointed out that an attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability.
According to ZDI:
“The specific flaw exists within the Shader implementation. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.”
VMware has issued an update to fix this vulnerability. More details can be found here.
