ASA-2019-00236 – VMware: Out-of-bounds read vulnerability

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00236

Identifier(s)

ASA-2019-00236, CVE-2019-5520, VMSA-2019-0006

Title

Out-of-bounds read vulnerability

Vendor(s)

VMware

Product(s)

VMware ESXi
VMware Workstation
VMware Fusion

Affected version(s)

VMware ESXi 6.7
VMware ESXi 6.5
VMware Workstation 15.x
VMware Workstation 14.x
VMware Fusion 11.x
VMware Fusion 10.x

Fixed version(s)

VMware ESXi ESXi670-201904101-SG
VMware ESXi ESXi650-201903001
VMware Workstation 15.0.3
VMware Workstation 14.1.6
VMware Fusion 11.0.3
VMware Fusion 10.1.6

Proof of concept

Unknown

Description

VMware ESXi, Workstation and Fusion updates address an out-of-bounds read vulnerability.  Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled.  Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Technical details

Unknown

Credits

Trend Micro

Reference(s)

VMSA-2019-0006
https://www.vmware.com/security/advisories/VMSA-2019-0006.html

CVE-2019-5520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5520

CVE-2019-5520
https://nvd.nist.gov/vuln/detail/CVE-2019-5520

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 16, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.