VMware Fusion DoS and privilege escalation vulnerabilities

Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a Denial of Service or gain escalated privileges.

Kernel code execution vulnerability: A file permission problem in the vmx86 kernel extension allows for executing arbitrary code in the host system kernel context by an unprivileged user on the host system.

Kernel denial of service vulnerability: An integer overflow vulnerability in the vmx86 kernel extension allows for a denial of service of the host by an unprivileged user on the host system.

The vulnerabilities are reported in version 2.0.5 and prior so users should upgrade to version 2.0.6 build 196839.




Share this