Summaries and Symptoms
This patch resolves the following issues:
- ESXi has a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.
- The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
- ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation