Description
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- VMware / Cloud Foundation5.x, 4.5.x – 5.x, 4.5.x
- VMware / ESXi7.0 – ESXi70U3sv-24723868
- VMware / ESXi8.0 – ESXi80U3se-24659227
- VMware / Fusion13.x – 13.6.3
- VMware / Telco Cloud Infrastructure3.x, 2.x – 3.x, 2.x
- VMware / Telco Cloud Platform5.x, 4.x, 3.x, 2.x – 5.x, 4.x, 3.x, 2.x
- VMware / Workstation17.x – 17.6.3