Some versions of Workstation and Player are affected by the vulnerability
VMware has released updates for VMware Workstation and VMware Player in order to fix a security hole that could be leveraged by cybercriminals to host privilege escalation on Linux-based devices.According to the advisory published by the company, VMware Workstation for Linux 9.x prior to version 9.0.3 and VMware Player for Linux 5.x prior to version 5.0.3 are impacted by the vulnerability. Fusion, ESX and ESXi are not affected.
The issue (CVE-2013-5972), caused by the way shared libraries are handled, could allow a local attacker to escalate his privileges to root.
“The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa,” VMware noted.
Workstation and Player customers are advised to update their installations to versions 9.0.3 and 5.0.3, respectively.