CVE Vulnerabilities

CVE-2016-7080

NULL Pointer Dereference

Published: Dec 29, 2016 | Modified: Jul 30, 2017
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Tools Vmware * 10.0.8 (including)
Tools Vmware 10.0.0 (including) 10.0.0 (including)
Tools Vmware 10.0.5 (including) 10.0.5 (including)
Tools Vmware 10.0.6 (including) 10.0.6 (including)

Potential Mitigations

References