CVE-2019-5520

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001 VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6 VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6

Description The issue is related to an out-of-bounds read vulnerability in the memory, which may allow a remote attacker to disclose protected information. Exploitation of this issue requires access to a virtual machine with 3D graphics enabled. Successful exploitation may lead to information disclosure.

Recommendations For VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001, update to the latest version. For VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6, update to the latest version. For VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6, update to the latest version. As a temporary workaround, consider disabling the 3D-acceleration feature to minimize the risk of exploitation.