VIR Vulnerability Intelligence Relay

CVE-2017-4938

medium
Published 2017-11-17 · Modified 2026-05-13
CVSS v3
6.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS v2
2.1
VIR risk
6.5

Description

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Predictions

Exploit likelihood
65%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@vmware.com — https://www.vmware.com/security/advisories/VMSA-2017-0018.html

Application impact
VendorProductVersionsFixed
vmwareworkstation12.0.0
vmwareworkstation12.0.1
vmwareworkstation12.1
vmwareworkstation12.1.1
vmwareworkstation12.5
vmwareworkstation12.5.1
vmwareworkstation12.5.2
vmwareworkstation12.5.3
vmwareworkstation12.5.4
vmwareworkstation12.5.5
vmwareworkstation12.5.6
vmwareworkstation12.5.7
vmwarefusion8.0.0
vmwarefusion8.0.1
vmwarefusion8.0.2
vmwarefusion8.1.0
vmwarefusion8.1.1
vmwarefusion8.5.0
vmwarefusion8.5.1
vmwarefusion8.5.2
vmwarefusion8.5.3
vmwarefusion8.5.4
vmwarefusion8.5.5
vmwarefusion8.5.6
vmwarefusion8.5.7
vmwarefusion8.5.8

References

CWEs

CWE-476

Verify integrity in audit chain (admin only). AS-IS.