Virtual graphics cards create critical VMware risk

By

Guest-host escape on vSphere and desktop hypervisors.

VMware has revealed a critical-rated bug that impacts its core vSphere platform.

Virtual graphics cards create critical VMware risk

VMSA-2018-0026 allows virtualization’s worst-case scenario: a guest VM escaping the hypervisor to run code on the host machine.

The cause of the bug is an “Out-of-bounds read vulnerability” in SVGA Device, the virtual graphics card that the ESXi hypervisor uses to drive video on virtual machines.

The bug impacts older versions of VMware’s Workstation and Fusion desktop hypervisors. Both are commonly used by developers for test work and may touch live VMs. But as the desktop hypervisors typically run a PC and can’t reach too deep into a data centre, VMware users will probably prioritise patching ESXi 6.0 through 6.7, as that’s core data centre infrastructure.

The good news is that patches are already available for versions 6.0, 6.5 and 6.7, at the link above.

Trend Micro's Zero Day Initiative and an anonymous researcher discovered the bug, which is also known as CVE-2018-6974.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?