Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware releases security patches for a critical virtual machine escape flaw

VMware released security patches for a critical virtual machine (VM) escape vulnerability that was recently discovered at a Chinese hacking contest. VMware has released security patches for a critical virtual machine (VM) escape vulnerability (CVE-2018-6981 and CVE-2018-6982) that was recently discovered by the researcher Zhangyanyu at the  Chinese GeekPwn2018 hacking contest. The cause for the […]

VMware vROps

VMware released security patches for a critical virtual machine (VM) escape vulnerability that was recently discovered at a Chinese hacking contest.

VMware has released security patches for a critical virtual machine (VM) escape vulnerability (CVE-2018-6981 and CVE-2018-6982) that was recently discovered by the researcher Zhangyanyu at the  Chinese GeekPwn2018 hacking contest.

The cause for the bugs is an uninitialized stack memory usage bug in the vmxnet3 virtual network adapter. The flaws could be exploited only if the vmxnet3 adapter is enabled.

“VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.” reads the advisory published by VMware.

The CVE-2018-6981 can be exploited by a guest to execute arbitrary code on the host and affects ESXi, Fusion and Workstation products. The CVE-2018-6982 flaw can result in an information leak from the host to the guest, it only affects ESXi.

GeekPwn is a popular hacking competition held in China since 2014 that is organized by the security team of the Chinese firm Keen Cloud Tech. Starting from 2017 the competition is also held in the United States.

The latest contest, GeekPwn2018, was held in Shanghai on October 24-25, the organizers offered an overall prize pool of $800,000. This year a researcher at China-based security firm Chaitin Tech discovered a guest-to-host escape vulnerability affecting several VMware products along with other minor issued.

The flaw is very important because for the first time an expert managed to escape VMware ESXi and get a root shell on the host system.

The virtualization giant released patches and updates for both vulnerabilities.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – virtual machine, VM escape vulnerability)

[adrotate banner=”5″]

[adrotate banner=”13″]