PT-2017-16192 · Vmware · Vmware Workstation Player+4
Published: 2017-03-30 · Updated: 2022-02-07 · CVE-2017-4905
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 5.5 without patch ESXi550-201703401-SG, 6.0 U1 without patch ESXi600-201703402-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.5 without patch ESXi650-201703410-SG
VMware Workstation Pro / Player versions prior to 12.5.5
VMware Fusion Pro / Fusion versions prior to 8.5.6
Description
The issue is a use of uninitialized memory, which may lead to an information leak. This was demonstrated in a real-world scenario at Pwn2Own.
Recommendations
For VMware ESXi 5.5, apply patch ESXi550-201703401-SG to resolve the issue.
For VMware ESXi 6.0 U1, apply patch ESXi600-201703402-SG to resolve the issue.
For VMware ESXi 6.0 U2, apply patch ESXi600-201703403-SG to resolve the issue.
For VMware ESXi 6.0 U3, apply patch ESXi600-201703401-SG to resolve the issue.
For VMware ESXi 6.5, apply patch ESXi650-201703410-SG to resolve the issue.
For VMware Workstation Pro / Player versions prior to 12.5.5, update to version 12.5.5 or later.
For VMware Fusion Pro / Fusion versions prior to 8.5.6, update to version 8.5.6 or later.
Exploit
Fix
Weakness Enumeration
Use of Uninitialized Resource
Related Identifiers
Affected Products
Vmware Esxi
Vmware Fusion
Vmware Fusion Pro
Vmware Workstation
Vmware Workstation Player