VMware Clears VM Escape Holes

Monday, November 12, 2018 @ 04:11 PM gHale

VMware released patches for holes in its virtual machine (VM).

The vulnerability was found at the GeekPwn2018 by a security team of Chinese company Keen Cloud Tech.

RELATED STORIES
VMware Plugs Hole in Virtual Graphics Card
VMware Patches ESXi, Workstation, Fusion Holes
VMware Clears Remote Code Execution Issue
New Backdoor Based on Hacking Team Tool

One of the most interesting entries in the contest came from a researcher at China-based security firm Chaitin Tech, who discovered a guest-to-host escape vulnerability affecting several VMware products. He also identified a less severe information disclosure bug.

Shortly after the VM escape exploit was demonstrated, Chaitin Tech wrote on Twitter they were able to escape VMware ESXi and get a root shell on the host system.

VMware on Tuesday informed customers it had been provided the details of the vulnerabilities and on Friday it published an advisory describing the flaws and available patches.

The vulnerabilities, tracked as CVE-2018-6981 and CVE-2018-6982, are caused by an uninitialized stack memory usage bug in the vmxnet3 virtual network adapter, VMware said.

CVE-2018-6981 affects ESXi, Fusion and Workstation products, and it can allow a guest to execute arbitrary code on the host, while CVE-2018-6982, which only impacts ESXi, can result in an information leak from the host to the guest. VMware pointed out that the vulnerabilities are only present if the vmxnet3 adapter is enabled – other adapters are not impacted.

VMware released patches and updates for the vulnerabilities.



Leave a Reply

You must be logged in to post a comment.