VMware Releases Security Updates – November 09, 2018

Subject: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

Technical background:
VMXNET3 (VMXNET Generation 3) is a virtual network adapter designed to deliver high performance in virtual machines (VMs) running on the VMware vSphere platform.
How to enable it?
1. Power off your Virtual Appliance in the VMWare Console.
2. Right click the Virtual Appliance, go to Settings.
3. Select Network Adapter 1 and click Remove.
4. Click Add and choose Network Adapter.
5. Choose VMXNET3 under type.

Design weakness:
The uninitialized stack memory vulnerability will be present if vmxnet3 is enabled.
In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software.

Remedy:

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.