Allele Security Alert
ASA-2019-00165
Identifier(s)
ASA-2019-00165, CVE-2019-5524, VMSA-2019-0005
Title
Out-of-bounds write vulnerability in e1000 virtual network adapter
Vendor(s)
VMware
Product(s)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
Affected version(s)
VMware Workstation Pro / Player (Workstation) versions 14.x
VMware Fusion Pro / Fusion (Fusion) running on OSX versions 10.x
Fixed version(s)
VMware Workstation Pro / Player (Workstation) versions 14.1.6
VMware Fusion Pro / Fusion (Fusion) running on OSX versions 10.1.6
Proof of concept
Unknown
Description
VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
Technical details
Unknown
Credits
Zhangyanyu (Chaitin Tech)
Reference(s)
[Security-announce] New VMSA-2019-0005 – VMware ESXi, Workstation and Fusion updates address multiple security issues
https://lists.vmware.com/pipermail/security-announce/2019/000454.html
VMSA-2019-0005
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
CVE-2019-5524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5524
CVE-2019-5524
https://nvd.nist.gov/vuln/detail/CVE-2019-5524
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: April 2, 2019