CVE-2017-4903

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 5.5 through 6.5 without specified patches VMware Workstation Pro versions 12.x prior to 12.5.5 VMware Workstation Player versions 12.x prior to 12.5.5 VMware Fusion Pro versions 8.x prior to 8.5.6 VMware Fusion versions 8.x prior to 8.5.6

Description The issue is related to an uninitialized stack memory usage in SVGA, which may allow a guest to execute code on the host. This could potentially enable a local attacker to execute arbitrary code in the host system.

Recommendations For VMware ESXi versions 5.5 through 6.5, apply the respective patches (ESXi550-201703401-SG, ESXi600-201703401-SG, ESXi600-201703402-SG, ESXi600-201703403-SG, ESXi650-201703410-SG) to resolve the issue. For VMware Workstation Pro versions 12.x prior to 12.5.5, update to version 12.5.5 or later. For VMware Workstation Player versions 12.x prior to 12.5.5, update to version 12.5.5 or later. For VMware Fusion Pro versions 8.x prior to 8.5.6, update to version 8.5.6 or later. For VMware Fusion versions 8.x prior to 8.5.6, update to version 8.5.6 or later.