VMware Workstation, Fusion and ESXi affected by DoS vulnerability

VMware issued an announcement stating that, when 3D acceleration is enabled, its products VMware vSphere ESXi (ESXi), VMware Workstation Pro / Player (Workstation), and VMware Fusion Pro / Fusion (Fusion) are at risk of DoS attacks. No related security patches have been provided yet.

According to the official description, VMware ESXi, Workstation, and Fusion all contain a denial-of-service (DoS) vulnerability caused by an infinite loop in a 3D rendering shader. Successful exploitation could allow an attacker with standard user rights in the guest to render the VM unresponsive and, in some cases, may cause other VMs on the host or the host itself to become unresponsive.

An attacker can take advantage of this issue only if 3D acceleration is enabled, so the proper mitigation is to disable 3D acceleration manually. By default, this feature is not enabled on ESXi, but it is enabled on Workstation and Fusion.
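
To find the VMs that still need this mitigation, the following added example (not from VMware or the original article) scans a directory tree of `.vmx` files and reports the 3D acceleration state of each. It assumes the setting is stored under the `.vmx` key `mks.enable3d`, which the article does not name, and it runs against constructed sample files.

```python
import re
import tempfile
from pathlib import Path

# Assumption: 3D acceleration is controlled by this .vmx key (not named in the article).
KEY_3D = "mks.enable3d"
_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased, last duplicate wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def state_3d(text):
    """Return 'enabled', 'disabled' or 'unset' for one .vmx file's contents."""
    value = parse_vmx(text).get(KEY_3D)
    if value is None:
        return "unset"  # product default applies; verify in the VM's display settings
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(root):
    """Map each .vmx path under root to its 3D acceleration state."""
    results = {}
    for path in sorted(Path(root).rglob("*.vmx")):
        results[str(path)] = state_3d(path.read_text(errors="replace"))
    return results

def build_sample(root):
    """Write constructed sample .vmx files (not real VM configs) for the demo."""
    samples = {
        "web/web.vmx": 'displayName = "web"\nmks.enable3D = "TRUE"\n',
        "db/db.vmx": '# 3D turned off\ndisplayName = "db"\nmks.enable3d = "FALSE"\n',
        "old/old.vmx": 'displayName = "old"\nmemsize = "2048"\n',
    }
    for rel, body in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for vmx, state in audit(tmp).items():
            print(f"{state:8} {vmx}")
```

VMs reported as `enabled` are the ones to reconfigure; `unset` entries fall back to the product default and should be checked in the VM's display settings.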