VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert

November 15, 2018 | Adeline Zhang

Overview

Recently, VMware released a security advisory documenting the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by the Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.

The two vulnerabilities exist because VMware ESXi, Fusion, and Workstation use uninitialized stack memory in the vmxnet3 virtual network adapter. CVE-2018-6981 could allow a guest user to execute code on the host, while CVE-2018-6982 could result in information leakage from the host to a guest. Products are exposed only when vmxnet3 is enabled; non-vmxnet3 virtual network adapters are not affected by either vulnerability.

Reference links:

https://blogs.vmware.com/security/2018/11/vmware-and-the-geekpwn2018-event.html

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

Products Affected by CVE-2018-6981 and Related Patches/Updates

| Product | Version | Platform | Severity Level | Related Patch/Update |
|---|---|---|---|---|
| ESXi | 6.7 | ESXi | Critical | ESXi670-201811401-BG |
| ESXi | 6.5 | ESXi | Critical | ESXi650-201811301-BG |
| ESXi | 6.0 | ESXi | Critical | ESXi600-201811401-BG |
| Workstation | 15.x | All | Critical | 15.0.1 |
| Workstation | 14.x | All | Critical | 14.1.4 |
| Fusion | 11.x | OS X | Critical | 11.0.1 |
| Fusion | 10.x | OS X | Critical | 10.1.4 |

Products Affected by CVE-2018-6982 and Related Patches/Updates

| Product | Version | Platform | Severity Level | Related Patch/Update |
|---|---|---|---|---|
| ESXi | 6.7 | ESXi | Important | ESXi670-201811401-BG |
| ESXi | 6.5 | ESXi | Important | ESXi650-201811301-BG |
| ESXi | 6.0 | ESXi | N/A | Unaffected |
| Workstation | All | All | N/A | Unaffected |
| Fusion | All | OS X | N/A | Unaffected |

Solution

The vendor has released patches and updates for the vulnerable products (for details, see the Related Patch/Update column of the preceding tables). Affected users are advised to download the relevant patch or update from one of the following links and install it as soon as possible.
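To prioritise patching, the sketch below (an added example, not code from NSFOCUS or VMware) lists the vmxnet3 adapters in a VM's .vmx configuration and checks a Workstation or Fusion version against the fixed releases in the CVE-2018-6981 table. The function names and the sample .vmx text are constructed for illustration, and it assumes adapters are declared with the ethernetN.present and ethernetN.virtualDev keys; ESXi is left out because its fixes are identified by patch bulletin rather than by a comparable version number.

```python
import re

# Fixed releases for CVE-2018-6981, taken from the table in this advisory.
FIXED = {
    ("workstation", 15): (15, 0, 1),
    ("workstation", 14): (14, 1, 4),
    ("fusion", 11): (11, 0, 1),
    ("fusion", 10): (10, 1, 4),
}

# Matches lines such as: ethernet0.virtualDev = "vmxnet3"
_KV = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.I)


def vmxnet3_adapters(vmx_text):
    """Return the names of present virtual NICs whose virtualDev is vmxnet3."""
    nics = {}
    for line in vmx_text.splitlines():
        m = _KV.match(line)
        if m:
            nic, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            nics.setdefault(nic, {})[key] = value.lower()
    return sorted(
        nic for nic, cfg in nics.items()
        if cfg.get("present") == "true" and cfg.get("virtualdev") == "vmxnet3"
    )


def needs_update(product, version):
    """True if below the fixed release; None if the branch is not in the table."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get((product.lower(), parts[0]))
    if fixed is None:
        return None
    # Pad short versions such as "15.0" to three components before comparing.
    return parts + (0,) * (3 - len(parts)) < fixed


# Constructed sample .vmx content (not from a real host).
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000e"
ethernet2.present = "FALSE"
ethernet2.virtualDev = "vmxnet3"
'''

if __name__ == "__main__":
    print(vmxnet3_adapters(SAMPLE_VMX), needs_update("Workstation", "15.0.0"))
```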

 

ESXi 6.7

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch   

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html

ESXi 6.5 

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch  

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html

ESXi 6.0

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch   

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html

VMware Workstation Pro

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadplayer

https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion Pro/Fusion

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadfusion 

https://docs.vmware.com/en/VMware-Fusion/index.html 

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.