PT-2019-2547 · Vmware · Vmware Esxi+2
Published
2019-04-11
·
Updated
2019-04-16
·
CVE-2019-5517
CVSS v2.0
8.8
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001
VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6
VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6
Description
The issue is related to multiple out-of-bounds read vulnerabilities in the shader translator of the 3D-acceleration feature. Exploitation requires access to a virtual machine with 3D graphics enabled. Successful exploitation may lead to information disclosure or allow attackers with normal user privileges to create a denial-of-service condition on their own VM.
Recommendations
For VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001, consider disabling the 3D-acceleration feature as a temporary workaround.
For VMware Workstation versions 15.x before 15.0.3 and 14.x before 14.1.6, consider disabling the 3D-acceleration feature as a temporary workaround.
For VMware Fusion versions 11.x before 11.0.3 and 10.x before 10.1.6, consider disabling the 3D-acceleration feature as a temporary workaround.
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Esxi
Vmware Fusion
Vmware Workstation