VMware 3D Acceleration Feature Denial of Service Vulnerability



A vulnerability in the 3D acceleration feature of VMware could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to resource exhaustion by the affected software when the 3D acceleration feature is used. An attacker with normal user privileges on a guest account could exploit this vulnerability by maliciously using a 3D-rendering shader on a targeted system. A successful exploit could trigger an infinite loop condition, which could lead to resource exhaustion and result in a DoS condition.

VMware has confirmed the vulnerability and released a workaround.

Security Impact Rating: Medium

CVE: CVE-2018-6977

Source:: Cisco Multivendor Vulnerability Alerts