CVE-2017-4904 vulnerability in VMware Products
Published on June 7, 2017

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

NVD

Products Associated with CVE-2017-4904

Want to know whenever a new CVE is published for VMware products? stack.watch will email you.

VMware Workstation Player

VMware Workstation Pro

VMware ESXi

VMware Workstation

VMware Fusion

Affected Versions

VMware ESXi:

Version 6.5 without patch ESXi650-201703410-SG is affected.
Version 6.0 U3 without patch ESXi600-201703401-SG is affected.
Version 6.0 U2 without patch ESXi600-201703403-SG is affected.
Version 6.0 U1 without patch ESXi600-201703402-SG is affected.
Version 5.5 without patch ESXi550-201703401-SG is affected.

VMware Workstation Pro / Player:

Version 12.x prior to 12.5.5 is affected.

VMware Fusion Pro / Fusion:

Version 8.x prior to 8.5.6 is affected.

Exploit Probability

EPSS

0.23%

Percentile

46.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-4904 vulnerability in VMware ProductsPublished on June 7, 2017

Products Associated with CVE-2017-4904

Affected Versions

Exploit Probability

CVE-2017-4904 vulnerability in VMware Products
Published on June 7, 2017