CVE-2018-6966 - OpenCVE

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Vmware	Esxi Fusion Workstation

Configuration 1 [-]

AND

cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:vmware:workstation::::::::
	cpe:2.3:o:vmware:esxi:6.7:-::::::
	cpe:2.3:o:vmware:esxi:6.7:670-201806001::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104709
http://www.securitytracker.com/id/1041208
https://www.vmware.com/security/advisories/VMSA-2018-0016.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2018-07-09T20:00:00Z

Updated: 2024-09-16T23:22:13.262Z

Reserved: 2018-02-14T00:00:00

Link: CVE-2018-6966

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-09T20:29:01.067

Modified: 2022-02-03T19:48:21.613

Link: CVE-2018-6966

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware ESXi, Workstation, and Fusion", "vendor": "VMware", "versions": [{"status": "affected", "version": "VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2)"}]}], "datePublic": "2018-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds read vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-12T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "104709", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104709"}, {"name": "1041208", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041208"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0016.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2018-06-28T00:00:00", "ID": "CVE-2018-6966", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware ESXi, Workstation, and Fusion", "version": {"version_data": [{"version_value": "VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2)"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds read vulnerability"}]}]}, "references": {"reference_data": [{"name": "104709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104709"}, {"name": "1041208", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041208"}, {"name": "https://www.vmware.com/security/advisories/VMSA-2018-0016.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0016.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:17:17.291Z"}, "title": "CVE Program Container", "references": [{"name": "104709", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104709"}, {"name": "1041208", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041208"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0016.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2018-6966", "datePublished": "2018-07-09T20:00:00Z", "dateReserved": "2018-02-14T00:00:00", "dateUpdated": "2024-09-16T23:22:13.262Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "76C4E179-64D8-44F4-A60E-2C67268669C1", "versionEndExcluding": "10.1.2", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CD4990A-14DD-414B-8946-680D7BF5D29E", "versionEndExcluding": "14.1.2", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*", "matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967."}, {"lang": "es", "value": "VMware ESXi (versiones 6.7, anteriores a ESXi670-201806401-BG), Workstation (versiones 14.x, anteriores a la 14.1.2) y Fusion (versiones 10.x, anteriores a la 10.1.2) contienen una vulnerabilidad de lectura fuera de l\u00edmites en el traductor del shader. Si este error se explota de manera exitosa, podr\u00eda dar lugar a una divulgaci\u00f3n de informaci\u00f3n o podr\u00eda permitir que atacantes con privilegios de usuario normal provoquen el cierre inesperado de sus m\u00e1quinas virtuales. Esta vulnerabilidad es diferente de CVE-2018-6965 y CVE-2018-6967."}], "id": "CVE-2018-6966", "lastModified": "2022-02-03T19:48:21.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-09T20:29:01.067", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104709"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041208"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0016.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}