VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Workstation | Vmware | 12.0.0 (including) | 12.0.0 (including) |
| Workstation | Vmware | 12.0.1 (including) | 12.0.1 (including) |
| Workstation | Vmware | 12.1 (including) | 12.1 (including) |
| Workstation | Vmware | 12.1.1 (including) | 12.1.1 (including) |
| Workstation | Vmware | 12.5 (including) | 12.5 (including) |
| Workstation | Vmware | 12.5.1 (including) | 12.5.1 (including) |
| Workstation | Vmware | 12.5.2 (including) | 12.5.2 (including) |
| Workstation | Vmware | 12.5.3 (including) | 12.5.3 (including) |
| Workstation | Vmware | 12.5.4 (including) | 12.5.4 (including) |
| Workstation | Vmware | 12.5.5 (including) | 12.5.5 (including) |
| Workstation | Vmware | 12.5.6 (including) | 12.5.6 (including) |
| Workstation | Vmware | 12.5.7 (including) | 12.5.7 (including) |