VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
Conclusion & alert: CVE-2018-6974 is rated Moderate Risk (48.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.47%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.06% | 0.47% | +0.41% |
| 2 | 2025-06-29 | 0.23% | 0.06% | -0.17% |
| 3 | 2025-03-30 | — | 0.23% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.0 | 6.0 | [email protected] |
| 7.2 | 2.0 | HIGH |
|
3.9 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| vmware | workstation | >= 14.0, < 14.1.3 | cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:* |
| vmware | fusion | >= 10.0, < 10.1.3 | cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105660 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1041875 | Broken Link Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1041876 | Broken Link Third Party Advisory VDB Entry |
| https://www.vmware.com/security/advisories/VMSA-2018-0026.html | Patch Vendor Advisory |