2. Relevant Products

VMware ESXi (ESXi)

VMware Workstation Pro / Player (Workstation)

VMware Fusion Pro, Fusion (Fusion)



3. Problem Description

a. ESXi, Workstation, Fusion SVGA memory corruption

ESXi, Workstation, and Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host.

VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.

Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

