VMSA-2018-0016 : VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities

Medium Nessus Plugin ID 110902


The remote VMware ESXi host is missing one or more security-related patches.


ESXi, Workstation, and Fusion multiple out-of-bounds read vulnerabilities

VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs.

VMware would like to thank RanchoIce of Tencent ZhanluLab (CVE-2018-6965, CVE-2018-6966, CVE-2018-6967) and a member of Cisco Talos (CVE-2018-6965) for independently reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6965, CVE-2018-6966, and CVE-2018-6967 to these issues.


Apply the missing patches.

Plugin Details

Severity: Medium

ID: 110902

File Name: vmware_VMSA-2018-0016.nasl

Version: 1.5

Type: local

Published: 2018/07/03

Modified: 2018/10/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Vulnerability Information

CPE: cpe:/o:vmware:esxi:6.7

Patch Publication Date: 2018/06/28

Reference Information

CVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967

VMSA: 2018-0016

IAVB: 2018-B-0083