DoS Attack on ESXi Host via Nvidia Video Driver Vulnerability

VMware has published a security advisory about a vulnerability in the Nvidia video driver. All environments that have 3D graphics enabled on virtual machines and use an Nvidia video adapter are impacted.

Affected Products

All ESXi versions are affected except ESXi 6.0; VMware Workstation and VMware Fusion are also affected. Patches are available to resolve the issue.

Patches and Workarounds

The workaround for these issues involves disabling the 3D-acceleration feature. Please see the ‘Workarounds’ column of the ‘Resolution Matrix’ found below.

| Product | Version | Running On | CVE Identifier* | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents |
|---|---|---|---|---|---|---|---|---|
| ESXi | 6.7 | Any | CVE-2019-5521 / CVE-2019-5684 | 6.3 / 8.5 | Important | ESXi670-201904101-SG | see VMSA-2018-0025 | None |
| ESXi | 6.5 | Any | CVE-2019-5521 / CVE-2019-5684 | 6.3 / 8.5 | Important | ESXi650-201903001 | see VMSA-2018-0025 | None |
| ESXi | 6.0 | Any | CVE-2019-5521 / CVE-2019-5684 | N/A | N/A | Not affected | N/A | N/A |
| Workstation | 15.x | Any | CVE-2019-5521 / CVE-2019-5684 | 7.7 / 8.5 | Important | 15.0.3 | see VMSA-2018-0025 | None |
| Workstation | 14.x | Any | CVE-2019-5521 / CVE-2019-5684 | 7.7 / 8.5 | Important | 14.1.6 | see VMSA-2018-0025 | None |
| Fusion | 11.x | OSX | CVE-2019-5521 / CVE-2019-5684 | 7.7 / 8.5 | Important | 11.0.3 | see VMSA-2018-0025 | None |
| Fusion | 10.x | OSX | CVE-2019-5521 / CVE-2019-5684 | 7.7 / 8.5 | Important | 10.1.6 | see VMSA-2018-0025 | None |
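
To apply the 3D-acceleration workaround where it matters, it helps to know which virtual machines have the feature turned on. The following is an added example, not code from the original post or from VMware's advisory: a Python audit of .vmx files. It assumes 3D acceleration is controlled by the .vmx key mks.enable3d; the function names and sample files are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: 3D acceleration is controlled by the .vmx key mks.enable3d.
KEY_3D = "mks.enable3d"

# A .vmx line has the form: key = "value". Lines starting with # are comments.
_VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value}; in this parser a repeated key keeps its last value."""
    settings = {}
    for line in text.splitlines():
        match = _VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def enable3d_state(text):
    """Classify one .vmx file as 'enabled', 'disabled' or 'unset'."""
    value = parse_vmx(text).get(KEY_3D)
    if value is None:
        return "unset"  # key absent: the product default applies, so review by hand
    return "enabled" if value.strip().lower() == "true" else "disabled"


def audit(root):
    """Map every .vmx file under root to its 3D-acceleration state."""
    return {
        str(path): enable3d_state(path.read_text(encoding="utf-8", errors="replace"))
        for path in sorted(Path(root).rglob("*.vmx"))
    }


# Constructed sample files (not taken from a real environment).
SAMPLE_ENABLED = '.encoding = "UTF-8"\ndisplayName = "vdi-01"\nMKS.Enable3D = "TRUE"\n'
SAMPLE_DISABLED = 'displayName = "db-01"\n# mks.enable3d = "TRUE"\nmks.enable3d = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "web-01"\nmemSize = "4096"\n'

if __name__ == "__main__":
    # Usage: python audit_3d.py /path/to/vm/folder
    for vmx, state in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        if state != "disabled":
            print(f"{state:8} {vmx}")
```

VMs reported as "enabled" are the ones to patch first or to apply the workaround to; "unset" entries need a manual check against the product's default.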

Davoud Teimouri

Davoud Teimouri is a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog started with simple posts and now has a large following of readers.

1 Response

  1. In the last few weeks attacks have grown and it seems like every company is being targeted. Ransomware reached its new heights and now these DoS attacks. I wonder where it's heading?
