VMware Security Announcement VMSA-2021-0011 CVSSv3 Score 3.3 Low
VMware recently released VMSA-2021-0011. This advisory is for VMware Tools for Windows, the update addresses a denial-of-service vulnerability (CVE-2021-21997)
- VMware Tools for Windows
A denial-of-service vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-21997)
VMware Tools for Windows contains a denial-of-service vulnerability in the VM3DMP driver. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.
Known Attack Vectors
A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.
For VMware Tools for Windows 11.x and prior, apply fixed version 11.3. Download links to follow.
Fixed Version(s) and Release Notes:
VMware Tools for Windows 11.3.0
Downloads and Documentation: