CVE-2018-6983: integer overflow vulnerability in VMware Workstation and Fusion

VMware recently released security bulletins that fix a serious vulnerability (CVE-2018-6983) in VMware Workstation and Fusion. The weaknesses were provided by Tianwen Tang of Qihoo 360Vulcan Team, which completed the virtual machine escape challenge at the Tianfu Cup 2018 International Pwn Contest. VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. By exploiting this flaw, hackers can take control of affected systems.

CVE-2018-6983

Affected version

  • Vmware Workstation 15.x/14.x
  • Wmware Fusion 11.x/10.x

Unaffected version

  • Workstation 15.0.2/14.1.5
  • Fusion 11.0.2/10.1.5

Solution

Vmware released the patch to fix this vulnerability. It is recommended to get an update as soon as possible.