Summaries and Symptoms
This patch resolves the following issues:
- ESXi has uninitialized stack memory usage in SVGA. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4903 to this issue.
- The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
- ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.
Deployment Considerations
If your data center uses an ESXi deployment of 6.0 Update 3, there are no special considerations beyond the information listed in the table above. However, if your data center uses an ESXi deployment other than ESXi 6.0 Update 3, see the following Knowledge Base articles for more information.
- If your data center uses an ESXi 6.0 Update 1 deployment or patches based on ESXi 6.0 Update 1 and you do not plan to upgrade to ESXi 6.0 Update 3, see KB 2149672.
- If your data center uses an ESXi 6.0 Update 2 deployment or patches based on ESXi 6.0 Update 2 and you do not plan to upgrade to ESXi 6.0 Update 3, see KB 2149673.
Note: To determine your ESXi deployment type, see KB 2143832.
Patch Download and Installation