iTnews

Virtual graphics cards create critical VMware risk

By Simon Sharwood on Oct 17, 2018 10:09AM
Virtual graphics cards create critical VMware risk

Guest-host escape on vSphere and desktop hypervisors.

VMware has revealed a critical-rated bug that impacts its core vSphere platform.

VMSA-2018-0026 allows virtualization’s worst-case scenario: a guest VM escaping the hypervisor to run code on the host machine.

The cause of the bug is an “Out-of-bounds read vulnerability” in SVGA Device, the virtual graphics card that the ESXi hypervisor uses to drive video on virtual machines.

The bug impacts older versions of VMware’s Workstation and Fusion desktop hypervisors. Both are commonly used by developers for test work and may touch live VMs. But as the desktop hypervisors typically run a PC and can’t reach too deep into a data centre, VMware users will probably prioritise patching ESXi 6.0 through 6.7, as that’s core data centre infrastructure.

The good news is that patches are already available for versions 6.0, 6.5 and 6.7, at the link above.

Trend Micro's Zero Day Initiative and an anonymous researcher discovered the bug, which is also known as CVE-2018-6974.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
security svga virtualisation vmware

Partner Content

Why your organisation's perimeter cybersecurity model is outdated
Partner Content Why your organisation's perimeter cybersecurity model is outdated
Changing the game with IMMERSION
Partner Content Changing the game with IMMERSION
Under the pump over sewage leaks, Tasmania Water turns to IoT
Promoted Content Under the pump over sewage leaks, Tasmania Water turns to IoT
From 30 people to 6 million: How workplace tech is driving Movember's global community
Promoted Content From 30 people to 6 million: How workplace tech is driving Movember's global community

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights

Events

  • Nutanix .NEXT Conference
  • How a FinTech can maintain agility while addressing Non-Functional requirements and ensuring compliance
By Simon Sharwood
Oct 17 2018
10:09AM
0 Comments

Related Articles

  • VMware says critical vCenter Server bug needs 'immediate attention'
  • Critical remote code execution bug found in VMware vCenter
  • Victoria embarks on govt cyber security uplift
  • US to target ransomware payments in cryptocurrency with sanctions
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics
NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans
CBA to rebrand its internal IT organisation

CBA to rebrand its internal IT organisation
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.