Recently VMware has released a few security patches that will prevent a guest from execute code on the ESXi host and breaking the isolation of a virtual machine.

This has been possible based on heap buffer overflow and uninitialized stack memory usage in SVGA, using this bug may allow a guest to execute code on the host.

Note that this particular issue impacts ESXi 6.0 or later as also latest version of VMware Workstation, Player and Fusion.

Available VMware KB articles for these issues are:

Here the complete status of the affected versions:

For more informations see the VMware Security Advisories VMSA-2017-0006.

Andrea MauroAbout Andrea Mauro (2489 Posts)

Virtualization & Cloud Architect. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert (2010, 2011, 2012, 2013, 2014, 2015). PernixPro 2014. Dell TechCenter Rockstar 2014. MVP 2014. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.