VMware Clears Critical Integer Overflow Hole

Sunday, November 25, 2018 @ 10:11 AM gHale

VMware released security updates that fix a critical integer overflow issue in multiple products.

The products affected by this integer overflow issue are VMware Workstation, VMware Workstation Player, VMware Workstation Pro, VMware Fusion, and VMware Fusion Pro.

With the help of VMware Fusion, macOS users can “run Windows and other x86 based operating systems on a Mac without rebooting.”

VMware Workstation makes it possible to “develop, test, demonstrate, and deploy software by running multiple x86-based Windows, Linux, and other operating systems simultaneously on the same PC.”

“VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host,” VMware said in an advisory.

This integer overflow bug was assigned the identifier CVE-2018-6983 by the Common Vulnerabilities and Exposures project.

The issue was discovered and reported by Tianwen Tang of Qihoo 360Vulcan Team on November 16, during the Tianfu Cup 2018 International Pwn Contest.

There is no known mitigation for the CVE-2018-6983 issue at the moment, but VMware provides updates for all affected products.

VMware Workstation users are required to update their installation to the 14.1.2/15.0.2 releases, and VMware Fusion owners should install the 10.1.5/11.0.2 versions.


