PT-2019-4037 · VMware · VMware ESXi +2
Published 2019-10-24 · Updated 2021-07-21 · CVE-2019-5536
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.7 before ESXi670-201908101-SG
VMware ESXi versions 6.5 before ESXi650-201910401-SG
VMware Workstation versions 15.x before 15.5.0
VMware Fusion versions 11.x before 11.5.0
Description
A denial-of-service vulnerability exists in the shader functionality of the 3D graphics component. An attacker with normal user privileges can exploit it to create a denial-of-service condition on their own virtual machine; exploitation requires access to a virtual machine with 3D graphics enabled. The 3D graphics functionality is not enabled by default on ESXi but is enabled by default on Workstation and Fusion. The vulnerability is also associated with insufficient input validation, which could allow a remote attacker to cause a denial-of-service condition.
Recommendations
For VMware ESXi version 6.7, update to ESXi670-201908101-SG or later.
For VMware ESXi version 6.5, update to ESXi650-201910401-SG or later.
For VMware Workstation version 15.x, update to 15.5.0 or later.
For VMware Fusion version 11.x, update to 11.5.0 or later.
As a temporary workaround, consider disabling the 3D graphics functionality on affected virtual machines until a patch is applied.
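One way to find the virtual machines that still need the workaround, as an added example that is not part of the original advisory: the script below scans `.vmx` configuration files and reports the state of the 3D graphics setting. It assumes the setting is stored under the VMX key `mks.enable3d`; the function names and the sample configurations are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: 3D acceleration is controlled by this VMX key.
KEY_3D = "mks.enable3d"
# VMX lines have the form: key = "value"
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse VMX text into {lower-cased key: value}; a later duplicate wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def classify_3d(text):
    """Return 'enabled', 'disabled', 'unset' (key absent) or 'unknown'."""
    value = parse_vmx(text).get(KEY_3D)
    if value is None:
        return "unset"  # the product default described above applies
    value = value.strip().lower()
    if value == "true":
        return "enabled"
    return "disabled" if value == "false" else "unknown"

def audit(root):
    """Map every .vmx file under root to its 3D graphics state."""
    return {str(path): classify_3d(path.read_text(errors="replace"))
            for path in sorted(Path(root).rglob("*.vmx"))}

# Constructed sample configurations (not taken from a real host).
SAMPLE_ENABLED = '.encoding = "UTF-8"\ndisplayName = "build-01"\nmks.enable3d = "TRUE"\n'
SAMPLE_DISABLED = 'displayName = "db-02"\nMKS.Enable3D = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "web-03"\nmemsize = "4096"\n'

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, state in audit(root).items():
        if state != "disabled":  # anything not explicitly off needs review
            print(f"{state:8} {path}")
```

Files reported as `unset` or `unknown` need a manual check against the product default, since only an explicit `FALSE` is counted as disabled here.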
Fix
RCE
Affected Products
VMware ESXi
VMware Fusion
VMware Workstation