Severity
Medium
Analysis Summary
1) An error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to cause an out-of-bounds memory access.
2) A race condition error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1 and #2 may allow execution of code on the host, but requires a virtual machine with a virtual USB controller present.
Impact
Security Bypass
Affected Vendors
VMware
Affected Products
VMware Workstation Player 14.x
VMware ESXi 6.x
Remediation
Apply patch or update to a fixed version.
VMware ESXi version 6.0:
Apply ESXi600-201903001.
VMware ESXi version 6.5:
Apply ESXi650-201903001.
VMware ESXi version 6.7:
Apply ESXi670-201903001.
VMware Workstation Player:
Update to version 14.1.7.
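Added example (not part of the vendor advisory): a small audit helper that flags VM configurations meeting the precondition above (a virtual USB controller present) and checks a Workstation Player version against the fixed 14.1.7. It assumes the controller is recorded in the VM's .vmx file as usb.present = "TRUE"; the file names and contents are constructed samples.

```python
import re

FIXED_PLAYER = (14, 1, 7)  # fixed Workstation Player version, from the advisory

# Constructed sample .vmx contents (not taken from any real system).
SAMPLE_VMX = {
    "build-agent.vmx": 'displayName = "build-agent"\nusb.present = "TRUE"\nehci.present = "TRUE"\n',
    "db-replica.vmx": '# USB removed during hardening\ndisplayName = "db-replica"\nusb.present = "FALSE"\n',
    "legacy-app.vmx": 'displayName = "legacy-app"\nUSB.Present = "true"\n',
    "web-front.vmx": 'displayName = "web-front"\nmemsize = "2048"\n',
}

# key = "value" lines; lines starting with '#' are comments.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are lower-cased
    (assumption: keys are matched case-insensitively)."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def has_usb_controller(text):
    """True when the config enables the virtual USB controller.
    The usb.present key is an assumption, not named in the advisory."""
    return parse_vmx(text).get("usb.present", "FALSE").strip().upper() == "TRUE"

def player_needs_update(version):
    """True for a 14.x Workstation Player version below the fixed 14.1.7."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return parts[0] == 14 and parts < FIXED_PLAYER

def exposed_vms(vmx_files):
    """Sorted names of VM configs that have a virtual USB controller."""
    return sorted(n for n, text in vmx_files.items() if has_usb_controller(text))

if __name__ == "__main__":
    for name in exposed_vms(SAMPLE_VMX):
        print(f"{name}: virtual USB controller present, prioritise host patching")
    print("Player 14.1.5 needs update:", player_needs_update("14.1.5"))
```

Removing an unused virtual USB controller only reduces exposure on hosts that cannot be patched immediately; the remediation remains the patch or update listed above.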