CVE-2019-5521

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001 VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6 VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6

Description The issue is related to an out-of-bounds read vulnerability in the pixel shader functionality, which can be exploited by an attacker with access to a virtual machine with 3D graphics enabled. This may lead to information disclosure or allow attackers with normal user privileges to create a denial-of-service condition on the host.

Recommendations For VMware ESXi versions 6.7 before ESXi670-201904101-SG, update to ESXi670-201904101-SG or later. For VMware ESXi versions 6.5 before ESXi650-201903001, update to ESXi650-201903001 or later. For VMware Workstation versions 15.x before 15.0.3, update to 15.0.3 or later. For VMware Workstation versions 14.x before 14.1.6, update to 14.1.6 or later. For VMware Fusion versions 11.x before 11.0.3, update to 11.0.3 or later. For VMware Fusion versions 10.x before 10.1.6, update to 10.1.6 or later. As a temporary workaround, consider disabling 3D graphics on virtual machines to minimize the risk of exploitation.