VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.
The virtualization software company warned of the issues Thursday night in a security advisory VMSA-2017-0009.
Jann Horn, a security researcher for Google Project Zero who’s previously uncovered bugs in Xen’s hypervisor and the Linux kernel, found the library loading vulnerability in VMware’s Workstation Pro/Player product.
The vulnerability (CVE-2017-4915) is tied to the loading of Advanced Linux Sound Architecture (ALSA) files. ALSA, a software framework and part of the Linux kernel, facilitates APIs for sound card driver files. If an attacker exploited the issue successfully they could be able to escalate their privileges to root in a Linux host machine, the advisory warns.
The update also fixes a NULL pointer dereference vulnerability (CVE-2017-4916) in a virtual storage volume driver, vstor2. If exploited the bug, discovered by Borja Merino, a security researcher based in Spain, could allow host users with normal user privileges to trigger a denial of service in a Windows host machine.
VMware is urging customers to update to the most recent version, 12.5.6, to mitigate both issues.
It’s the ninth security advisory VMware has issued this year.
Last month the company fixed a remote code execution vulnerability in its vCenter Server platform that could have been exploited via BlazeDS.
It also fixed several critical vulnerabilities in its Unified Access Gateway, Horizon View and Workstation products. Most of those vulnerabilities stemmed from issues in Cortado ThinPrint, a protocol that compresses print data and exists in VMware’s Workstation and Horizon Client platforms. Attackers could have exploited the bugs via integer overflow and out of bounds read/write vulnerabilities in JPEG2000 and TrueType fonts.
