Home
CRITICAL: 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HDefault status
unaffected
8.0 (custom) before ESXi80U3f-24784735
affected
8.0 (custom) before ESXi80U2e-24789317
affected
7.0 (custom) before ESXi70U3w-24784741
affected
Default status
unaffected
5.x, 4.5.x
affected
Default status
unaffected
17.x (custom) before 17.6.4
affected
Default status
unaffected
13.x (custom)
affected
Default status
unaffected
5.x, 4.x, 3.x, 2.x
affected
Default status
unaffected
3.x, 2.x
affected
Description
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Problem types
Product status
8.0 (custom) before ESXi80U3f-24784735
8.0 (custom) before ESXi80U2e-24789317
7.0 (custom) before ESXi70U3w-24784741
5.x, 4.5.x
17.x (custom) before 17.6.4
13.x (custom)
5.x, 4.x, 3.x, 2.x
3.x, 2.x
References
support.broadcom.com/...l/content/SecurityAdvisories/0/35877