The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
2017-06-07T18:29:00.397
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 8.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | fusion | < 8.5.6 | Yes |
| Application | vmware | fusion_pro | < 8.5.6 | Yes |
| Operating System | apple | mac_os_x | - | No |
| Application | vmware | workstation_player | < 12.5.5 | Yes |
| Application | vmware | workstation_pro | < 12.5.5 | Yes |
| Operating System | vmware | esxi | 5.5 | Yes |
| Operating System | vmware | esxi | 5.5 | Yes |
| Operating System | vmware | esxi | 5.5 | Yes |
| Operating System | vmware | esxi | 5.5 | Yes |
| Operating System | vmware | esxi | 5.5 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.0 | Yes |
| Operating System | vmware | esxi | 6.5 | Yes |