Reading Time: 1 minute

Recently VMware has released a few security patches that will prevent a guest from execute code on the ESXi host and breaking the isolation of a virtual machine.

This has been possible based on heap buffer overflow and uninitialized stack memory usage in SVGA, using this bug may allow a guest to execute code on the host.

Note that this particular issue impacts ESXi 6.0 or later as also latest version of VMware Workstation, Player and Fusion.

Available VMware KB articles for these issues are:

Here the complete status of the affected versions:

For more informations see the VMware Security Advisories VMSA-2017-0006.

Andrea MauroAbout Andrea Mauro (2904 Posts)

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-18. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-18. Nutanix NTC 2014-18. PernixPro 2014-16. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.


Share