漏洞类别:VMware
漏洞等级: 
漏洞信息
VMware ESXi is an enterprise level computer virtualization product.
A local user on the guest system can trigger a heap overflow in SVGA to execute arbitrary code on the host system [CVE-2017-4902]. ESXi 6.0 is not affected.
A local user on the guest system can trigger an uninitialized stack memory usage error in SVGA to execute arbitrary code on the host system [CVE-2017-4903].
A local user on the guest system can trigger an uninitialized stack memory usage error in the XHCI controller to execute arbitrary code on the host system [CVE-2017-4904]. On ESXi 5.5, the impact is limited to denial of service conditions.
A local user on the guest system can trigger an uninitialized memory usage error to obtain potentially sensitive information on the host system [CVE-2017-4905].
漏洞危害
A local user on the guest system can gain elevated privileges on the host system.
A local user on the guest system can obtain potentially sensitive information on the host system.
解决方案
To resolve this issue, upgrade to VMware ESXi Build 5230635 or the latest VMware ESXi build.
Refer to VMware advisory KB2149576 for updates and build information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论