-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2018-0027 Severity: Critical Synopsis: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage Issue date: 2018-11-09 Updated on: 2018-11-09 (Initial Advisory) CVE number: CVE-2018-6981, CVE-2018-6982 1. Summary VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage. 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description a. vmxnet3 uninitialized stack memory usage VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue. VMware would like to thank the organizers of GeekPwn2018 and security researcher Zhangyanyu of Chaitin Tech for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6981 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply patch Workaround ========== ======= ====== ======== ============= ========== ESXi 6.7 ESXi Critical ESXi670-201811401-BG None ESXi 6.5 ESXi Critical ESXi650-201811301-BG None ESXi 6.0 ESXi Critical ESXi600-201811401-BG None Workstation 15.x Any Critical 15.0.1 None Workstation 14.x Any Critical 14.1.4 None Fusion 11.x OS X Critical 11.0.1 None Fusion 10.x OS X Critical 10.1.4 None b. vmxnet3 uninitialized stack memory usage VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may lead to an information leak from host to guest. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue. VMware would like to thank the organizers of GeekPwn2018 and security researcher Zhangyanyu of Chaitin Tech for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6982 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply patch Workaround ========== ======= ====== ======== ============= ========== ESXi 6.7 ESXi Important ESXi670-201811401-BG None ESXi 6.5 ESXi Important ESXi650-201811301-BG None ESXi 6.0 ESXi N/A not affected N/A Workstation Any Any N/A not affected N/A Fusion Any OS X N/A not affected N/A 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html VMware Workstation Pro 14.1.4, 15.0.1 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 14.1.4, 15.0.1 Downloads and Documentation: https://www.vmware.com/go/downloadplayer https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion Pro / Fusion 10.1.4, 11.0.1 Downloads and Documentation: https://www.vmware.com/go/downloadfusion https://docs.vmware.com/en/VMware-Fusion/index.html 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6982 - ------------------------------------------------------------------------ 6. Change log VMSA-2018-0027 2018-11-09 Initial security advisory in conjunction with the release of ESXi 6.0, 6.5, 6.7 patches and VMware Workstation 14.1.4, 15.0.1 and Fusion 10.1.4, 11.0.1 on 2018-11-09. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFb5WZbDEcm8Vbi9kMRAv0fAKDaDFeL/8AsPTjUXLCA0MYcyNjyTACgxUvW ai0L/eRY3Ngbrf0OA05K0Ts=OHA7 -----END PGP SIGNATURE----- _______________________________________________ Security-announce mailing list Security-announce@lists.vmware.com https://lists.vmware.com/mailman/listinfo/security-announce