Vulnerability Name:

CVE-2017-4924 (CCN-132051)

Assigned:2016-12-26
Published:2017-09-15
Updated:2022-02-03
Summary:VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2017-4924

Source: BID
Type: Third Party Advisory, VDB Entry
100843

Source: CCN
Type: BID-100843
Multiple VMware Products CVE-2017-4924 Out-Of-Bounds Write Local Code Execution Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039365

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039366

Source: MISC
Type: Exploit, Third Party Advisory
https://0patch.blogspot.com/2017/10/micropatching-hypervisor-with-running.html

Source: XF
Type: UNKNOWN
vmware-cve20174924-priv-esc(132051)

Source: CCN
Type: VMware Security Advisories: VMSA-2017-0015.1
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0015.html

Source: CCN
Type: ZDI-17-738
VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.5.8)

    • Configuration 2:
  • cpe:/a:vmware:workstation_pro:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.5.7)
  • OR cpe:/o:vmware:esxi:6.5:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:12.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:8.5.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware fusion *
    vmware workstation pro *
    vmware esxi 6.5 -
    vmware esxi 6.5 650-201701001
    vmware esxi 6.5 650-201703001
    vmware esxi 6.5 650-201703002
    vmware esxi 6.5 650-201704001
    vmware vcenter server 6.5
    vmware workstation 12.5.6
    vmware fusion 8.5.7