CVE-2017-4904
VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
El controlador XHCI en ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, y 5.5 sin parche ESXi550 -201703401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede permitir a un invitado ejecutar código en el host. El problema es reducido a una Denegación de Servicio del invitado en ESXi versión 5.5.
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of XHCI communication. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to elevate privileges and execute arbitrary code under the context of the hypervisor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-26 CVE Reserved
- 2017-03-30 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97165 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038148 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038149 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2017-0006.html | 2022-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | >= 8.0.0 < 8.5.6 Search vendor "Vmware" for product "Fusion" and version " >= 8.0.0 < 8.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Vmware Search vendor "Vmware" | Fusion Pro Search vendor "Vmware" for product "Fusion Pro" | >= 8.0.0 < 8.5.6 Search vendor "Vmware" for product "Fusion Pro" and version " >= 8.0.0 < 8.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Vmware Search vendor "Vmware" | Workstation Player Search vendor "Vmware" for product "Workstation Player" | >= 12.0.0 < 12.5.5 Search vendor "Vmware" for product "Workstation Player" and version " >= 12.0.0 < 12.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Pro Search vendor "Vmware" for product "Workstation Pro" | >= 12.0.0 < 12.5.5 Search vendor "Vmware" for product "Workstation Pro" and version " >= 12.0.0 < 12.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 3b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | - |
Affected
| ||||||