VYPR
← All advisories
Unrated severityNVD Advisory· Published May 31, 2014· Updated May 6, 2026

CVE-2014-3793

CVE-2014-3793

Description

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

VMware Tools on Windows 8.1 guest in multiple VMware products contains a kernel NULL pointer dereference that allows guest users to escalate privileges or crash the guest OS.

Vulnerability

A kernel NULL pointer dereference vulnerability exists in VMware Tools when running on a Microsoft Windows 8.1 guest operating system [1]. This affects VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5 without the respective security patches [1]. The vulnerability is triggered via unspecified vectors within the guest.

Exploitation

An attacker with user-level access to the Windows 8.1 guest OS can exploit this vulnerability by triggering the NULL pointer dereference through unspecified vectors [1]. No authentication from the host or network access is required; the attacker must be able to execute code or interact with the vulnerable component within the guest.

Impact

Successful exploitation allows the attacker to escalate privileges within the guest operating system or cause a denial of service by crashing the guest OS via a kernel NULL pointer dereference [1]. The advisory explicitly states that this vulnerability does not allow privilege escalation from the guest to the host, so host memory and processes remain isolated.

Mitigation

VMware has released patches for all affected products: Workstation 10.0.2, Player 6.0.2, Fusion 6.0.3, and ESXi patches ESXi550-201403102-SG, ESXi510-201404102-SG, and ESXi500-201405102-SG [1]. Users should apply the appropriate update. No workarounds are documented in the advisory.

References
  1. Support Content Notification - Support Portal - Broadcom support portal

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
  • VMware/Fusion3 versions
    cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*
  • VMware/Player2 versions
    cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*
  • VMware/Workstation2 versions
    cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*
  • VMware/Esxi6 versions
    cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*
  • Broadcom Corporation/VMware Toolsllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.