ASA-2019-00562 – VMware ESXi, Workstation, Fusion, Remote Console and Horizon Client: Use-after-free vulnerability in the virtual sound device

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host.

ASA-2019-00547 – VMware: Out-of-bounds read/write vulnerabilities on virtual machine with 3D graphics enabled

VMware ESXi, Workstation and Fusion contain out-of-bounds read/write vulnerabilities in the pixel shader functionality.  Exploitation of these issues require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. Successful exploitation of the out-of-bounds read issue (CVE-2019-5521) may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. The out-of-bounds write issue (CVE-2019-5684) can be exploited only if the host has an affected NVIDIA graphics driver. Successful exploitation of this issue may lead to code execution on the host. 

ASA-2019-00425 – VMware ESXi: Partial denial of service vulnerability in hostd process

Multiple failed login attempts to ESXi may cause the hostd service to become unresponsive resulting in a partial denial of service for management functionality.  A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive resulting in conditions such as an ESXi host disconnecting from vCenter.

ASA-2019-00277 – VMware: Operating System-Specific Mitigations for MDS vulnerabilities

A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities. There are two known attack vector categories for MDS at the Virtual Machine level: Sequential-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a previous context otherwise protected by architectural mechanisms in the context of the same Virtual Machine. Concurrent-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a concurrently executing context on the other logical processor of the Hyper-Threading-enabled processor core in the context of the same Virtual Machine.

ASA-2019-00276 – VMware: Hypervisor-Assisted Guest Mitigations for MDS vulnerabilities

A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities. Virtual Machines hosted by VMware Hypervisors running on 2nd Generation Intel® Xeon® Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities. There are two known attack vector categories for MDS at the Virtual Machine level: Sequential-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a previous context otherwise protected by architectural mechanisms in the context of the same Virtual Machine. Concurrent-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a concurrently executing context on the other logical processor of the Hyper-Threading-enabled processor core in the context of the same Virtual Machine.