VMware Security Announcement VMSA-2021-0011 CVSSv3 Score 3.3 Low

VMware recently released VMSA-2021-0011. This advisory covers VMware Tools for Windows; the update addresses a denial-of-service vulnerability (CVE-2021-21997).

Impacted Products

  • VMware Tools for Windows

Introduction

A denial-of-service vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-21997)

Description

VMware Tools for Windows contains a denial-of-service vulnerability in the VM3DMP driver. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.

Known Attack Vectors

A malicious actor with local user privileges in a Windows guest operating system where VMware Tools is installed can trigger a PANIC in the VM3DMP driver, leading to a denial-of-service condition in the Windows guest operating system.

Resolution

For VMware Tools for Windows 11.x and prior, apply fixed version 11.3. Download links to follow.

Fixed Version(s) and Release Notes:

VMware Tools for Windows 11.3.0

Downloads and Documentation:

https://my.vmware.com/en/group/vmware/downloads/details?downloadGroup=VMTOOLS1130&productId=1073

https://docs.vmware.com/en/VMware-Tools/11.3/rn/VMware-Tools-1130-Release-Notes.html