CVE-2019-5517

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001 VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6 VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6

Description The issue is related to multiple out-of-bounds read vulnerabilities in the shader translator of the 3D-acceleration feature. Exploitation requires access to a virtual machine with 3D graphics enabled. Successful exploitation may lead to information disclosure or allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

Recommendations For VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001, consider disabling the 3D-acceleration feature as a temporary workaround. For VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6, consider disabling the 3D-acceleration feature as a temporary workaround. For VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6, consider disabling the 3D-acceleration feature as a temporary workaround.