CVE-2018-6972

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.7 before ESXi670-201806401-BG VMware ESXi versions 6.5 before ESXi650-201806401-BG VMware ESXi versions 6.0 before ESXi600-201806401-BG VMware ESXi versions 5.5 before ESXi550-201806401-BG VMware Workstation versions 14.x before 14.1.2 VMware Fusion versions 10.x before 10.1.2

Description The issue is due to a NULL pointer dereference in the RPC handler, which can cause a denial-of-service. This can allow attackers with normal user privileges to crash their VMs.

Recommendations For VMware ESXi versions 6.7 before ESXi670-201806401-BG, update to ESXi670-201806401-BG or later. For VMware ESXi versions 6.5 before ESXi650-201806401-BG, update to ESXi650-201806401-BG or later. For VMware ESXi versions 6.0 before ESXi600-201806401-BG, update to ESXi600-201806401-BG or later. For VMware ESXi versions 5.5 before ESXi550-201806401-BG, update to ESXi550-201806401-BG or later. For VMware Workstation versions 14.x before 14.1.2, update to 14.1.2 or later. For VMware Fusion versions 10.x before 10.1.2, update to 10.1.2 or later.