PT-2017-2233 · Vmware · Vmware Workstation Player+4

Published: 2017-03-30 · Updated: 2022-02-07 · CVE-2017-4904

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

VMware ESXi 5.5 without patch ESXi550-201703401-SG
VMware ESXi 6.0 U1 without patch ESXi600-201703402-SG
VMware ESXi 6.0 U2 without patch ESXi600-201703403-SG
VMware ESXi 6.0 U3 without patch ESXi600-201703401-SG
VMware ESXi 6.5 without patch ESXi650-201703410-SG
VMware Workstation Pro / Player versions prior to 12.5.5
VMware Fusion Pro / Fusion versions prior to 8.5.6
Description

The XHCI controller emulation in VMware products uses uninitialized memory. This may allow a guest to execute code on the host, potentially leading to privilege escalation. On ESXi 5.5, the impact is limited to a denial of service of the guest.
Recommendations

For VMware ESXi 5.5, apply patch ESXi550-201703401-SG.
For VMware ESXi 6.0 U1, apply patch ESXi600-201703402-SG.
For VMware ESXi 6.0 U2, apply patch ESXi600-201703403-SG.
For VMware ESXi 6.0 U3, apply patch ESXi600-201703401-SG.
For VMware ESXi 6.5, apply patch ESXi650-201703410-SG.
For VMware Workstation Pro / Player, update to version 12.5.5 or later.
For VMware Fusion Pro / Fusion, update to version 8.5.6 or later.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2017-01427
CVE-2017-4904
ZDI-17-239

Affected Products

Vmware Esxi
Vmware Fusion
Vmware Fusion Pro
Vmware Workstation
Vmware Workstation Player