High severity8.8NVD Advisory· Published Jun 7, 2017· Updated May 13, 2026

CVE-2017-4902

Description

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

Affected products

VMware/Fusion
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
Range: >=8.0.0,<8.5.6
VMware/Fusion Pro
cpe:2.3:a:vmware:fusion_pro:*:*:*:*:*:*:*:*
Range: >=8.0.0,<8.5.6
VMware/Workstation Player
cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*
Range: >=12.0.0,<12.5.5
VMware/Workstation Pro
cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*
Range: >=12.0.0,<12.5.5
VMware/Esxi10 versions
cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
- (no CPE)range: 6.5 without patch ESXi650-201703410-SG
VMware/Fusion Pro / Fusionv5
Range: 8.x prior to 8.5.6
VMware/Workstation Pro / Playerv5
Range: 12.x prior to 12.5.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2017-0006.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/97163nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038148nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038149nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000