Allele Security Alert
ASA-2019-00237
Identifier(s)
ASA-2019-00237, CVE-2019-5516, VMSA-2019-0006
Title
Vertex shader out-of-bounds read vulnerability
Vendor(s)
VMware
Product(s)
VMware ESXi
VMware Workstation
VMware Fusion
Affected version(s)
VMware ESXi 6.7
VMware ESXi 6.5
VMware Workstation 15.x
VMware Workstation 14.x
VMware Fusion 11.x
VMware Fusion 10.x
Fixed version(s)
VMware ESXi 6.7 ESXi670-201904101-SG
VMware ESXi 6.5 ESXi650-201903001
VMware Workstation 15.0.3
VMware Workstation 14.1.6
VMware Fusion 11.0.3
VMware Fusion 10.1.6
Proof of concept
Unknown
Description
VMware ESXi, Workstation and Fusion updates address an out-of-bounds read vulnerability in the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue is to disable the 3D-acceleration feature. This feature is not enabled by default on ESXi but is enabled by default on Workstation and Fusion.
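One way to find the VMs that still need the workaround described above, as an added example that is not part of the original alert or of VMware's tooling. It assumes the 3D setting is stored in each VM's .vmx file under the `mks.enable3d` key; the VM names and file contents are constructed.

```python
import re

# A .vmx file is a list of lines of the form: key = "value"
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lower-cased key: value}; in this parser the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        match = _VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def accel3d_state(text):
    """Classify one VM config as 'enabled', 'disabled' or 'unset'."""
    value = parse_vmx(text).get("mks.enable3d")   # assumed key name
    if value is None:
        # No explicit setting: the product default applies, which the alert
        # says differs between ESXi and Workstation/Fusion. Flag for review.
        return "unset"
    return "enabled" if value.strip().upper() == "TRUE" else "disabled"

def needs_attention(configs):
    """configs maps VM name -> .vmx text. Return {name: state} for every VM
    whose 3D acceleration is not explicitly disabled."""
    states = {name: accel3d_state(text) for name, text in configs.items()}
    return {name: s for name, s in sorted(states.items()) if s != "disabled"}

# Constructed sample configurations (not taken from real systems).
SAMPLE = {
    "build-agent": 'displayName = "build-agent"\nmks.enable3d = "TRUE"\n',
    "db-test": 'displayName = "db-test"\nMKS.Enable3D = "FALSE"\n',
    "legacy-app": '# imported VM\ndisplayName = "legacy-app"\nmemsize = "2048"\n',
}

if __name__ == "__main__":
    for name, state in needs_attention(SAMPLE).items():
        print(f"{name}: 3D acceleration {state}")
```

To run it against real files, build the `configs` mapping by reading each `.vmx` file on the host or datastore.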
Technical details
Unknown
Credits
Piotr Bania (Cisco Talos)
Reference(s)
VMSA-2019-0006
https://www.vmware.com/security/advisories/VMSA-2019-0006.html
CVE-2019-5516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5516
CVE-2019-5516
https://nvd.nist.gov/vuln/detail/CVE-2019-5516
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 16, 2019