Overview
VMware recently released a security advisory documenting the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by the Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.
The two vulnerabilities exist because VMware ESXi, Fusion, and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. CVE-2018-6981 could allow a guest user to execute code on the host, while CVE-2018-6982 could result in information leakage from the host to a guest. Vulnerable products with vmxnet3 enabled are exposed to these risks, while non-vmxnet3 virtual network adapters are not affected by either vulnerability.
Reference links:
https://blogs.vmware.com/security/2018/11/vmware-and-the-geekpwn2018-event.html
https://www.vmware.com/security/advisories/VMSA-2018-0027.html
Products Affected by CVE-2018-6981 and Related Patches/Updates
Product | Version | Platform | Severity Level | Related Patch/Update |
ESXi | 6.7 | ESXi | Critical | ESXi670-201811401-BG |
ESXi | 6.5 | ESXi | Critical | ESXi650-201811301-BG |
ESXi | 6.0 | ESXi | Critical | ESXi600-201811401-BG |
Workstation | 15.x | All | Critical | 15.0.1 |
Workstation | 14.x | All | Critical | 14.1.4 |
Fusion | 11.x | OS X | Critical | 11.0.1 |
Fusion | 10.x | OS X | Critical | 10.1.4 |
Products Affected by CVE-2018-6982 and Related Patches/Updates
Product | Version | Platform | Severity Level | Related Patch/Update |
ESXi | 6.7 | ESXi | Important | ESXi670-201811401-BG |
ESXi | 6.5 | ESXi | Important | ESXi650-201811301-BG |
ESXi | 6.0 | ESXi | N/A | Unaffected |
Workstation | All | All | N/A | Unaffected |
Fusion | All | OS X | N/A | Unaffected |
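Because only VMs with a vmxnet3 adapter are exposed, patching can be prioritized by inventorying VM configuration files. The following Python sketch is an added example, not part of the vendor or NSFOCUS advisory: it reads .vmx text for adapters that are present and of type vmxnet3, then compares a Workstation or Fusion version against the fixed releases in the CVE-2018-6981 table. The function names and sample configuration are constructed for illustration, and treating an adapter with no virtualDev line as non-vmxnet3 is an assumption.

```python
import re

# Fixed desktop releases for CVE-2018-6981, copied from the first table above.
# (ESXi is fixed by the bulletin IDs listed there, so it is not modelled here.)
FIXED = {("workstation", 15): (15, 0, 1), ("workstation", 14): (14, 1, 4),
         ("fusion", 11): (11, 0, 1), ("fusion", 10): (10, 1, 4)}

# Matches lines such as: ethernet0.virtualDev = "vmxnet3"
# Anchoring at line start means commented-out settings never match.
NIC_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"?([^"]*)"?\s*$', re.I)

def vmxnet3_adapters(vmx_text):
    """Return the adapters that are both present and of type vmxnet3."""
    nics = {}
    for line in vmx_text.splitlines():
        m = NIC_LINE.match(line)
        if m:
            nic, key, value = (g.strip().lower() for g in m.groups())
            nics.setdefault(nic, {})[key] = value
    # Assumption: an adapter with no virtualDev line is not vmxnet3.
    return sorted(n for n, cfg in nics.items()
                  if cfg.get("present") == "true"
                  and cfg.get("virtualdev") == "vmxnet3")

def assess(product, version, vmx_text):
    """Return (status, vmxnet3 adapters, fixed release or None) for one VM."""
    nics = vmxnet3_adapters(vmx_text)
    if not nics:
        return ("not exposed", nics, None)
    installed = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get((product.lower(), installed[0]))
    if fixed is None:
        return ("check advisory", nics, None)  # branch not in the table
    status = "update required" if installed < fixed else "patched"
    return (status, nics, ".".join(map(str, fixed)))

# Constructed sample .vmx content, not taken from a real VM.
SAMPLE_VMX = '''
displayName = "build-agent-01"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "FALSE"
ethernet2.virtualDev = "vmxnet3"
# ethernet3.present = "TRUE"
'''

if __name__ == "__main__":
    print(assess("Workstation", "15.0.0", SAMPLE_VMX))
```

A "not exposed" result reflects only the adapter type recorded in the configuration file; the host should still receive the update so that a later switch to vmxnet3 does not reintroduce the exposure.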
Solution
The vendor has provided patches and updates for the vulnerable products (for details, see the Related Patch/Update column of the preceding tables). Affected users are advised to download the relevant patch or update from one of the following links and install it as soon as possible.
ESXi 6.7
Download address of the related patch/update and documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html
ESXi 6.5
Download address of the related patch/update and documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html
ESXi 6.0
Download address of the related patch/update and documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html
VMware Workstation Pro
Download address of the related patch/update and documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player
Download address of the related patch/update and documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion Pro/Fusion
Download address of the related patch/update and documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.
For more information about NSFOCUS, please visit:
NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.