A security researcher for Google Project Zero found the library loading vulnerability in the Workstation Pro/Player product. The vulnerability (CVE-2017-4915) is tied to the loading of Advanced Linux Sound Architecture (ALSA) files. The update also fixes a NULL pointer dereference vulnerability in a virtual storage volume driver, vstor2. If exploited the bug could allow host users with normal user privileges to trigger a denial of service in a Windows host machine. It s the ninth security advisory the company has issued this year.
Source: https://threatpost.com/vmware-patches-multiple-security-issues-in-workstation/125805/