Allele Security Alert
ASA-2019-00235
Identifier(s)
ASA-2019-00235, CVE-2019-5517, VMSA-2019-0006
Title
Multiple shader translator out-of-bounds read vulnerabilities
Vendor(s)
VMware
Product(s)
VMware ESXi
VMware Workstation
VMware Fusion
Affected version(s)
VMware ESXi 6.7
VMware ESXi 6.5
VMware Workstation 15.x
VMware Workstation 14.x
VMware Fusion 11.x
VMware Fusion 10.x
Fixed version(s)
VMware ESXi 6.7 ESXi670-201904101-SG
VMware ESX 6.5 ESXi650-201903001
VMware Workstation 15.0.3
VMware Workstation 14.1.6
VMware Fusion 11.0.3
VMware Fusion 10.1.6
Proof of concept
Unkown
Description
VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Technical details
Unknown
Credits
RanchoIce (Tencent Security ZhanluLab)
Reference(s)
VMSA-2019-0006
https://www.vmware.com/security/advisories/VMSA-2019-0006.html
CVE-2019-5517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5517
CVE-2019-5517
https://nvd.nist.gov/vuln/detail/CVE-2019-5517
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: April 28, 2019