CVE-2019-5516 — Out-of-bounds Read in Vmware Fusion

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 36.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Esxi

Timeline

PublishedApr 15

Latest updateMay 14

Description

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user priv…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.6 | Impact: 5.2

Affected Packages6 packages

▶NVDvmware/fusion10.0.0 — 10.1.6+1

▶NVDvmware/workstation14.0.0 — 14.1.6+1

▶CVEListV5vmware/esxi6.5 before ESXi650-201903001, 6.7 before ESXi670-201904101-SG+1

▶NVDvmware/esxi6.5, 6.7+1

▶CVEListV5vmware/fusion10.x before 10.1.6, 11.x before 11.0.3+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-f2rq-wf7h-frf4: VMware ESXi (6↗2022-05-14

▶

CVEList

CVE-2019-5516: VMware ESXi (6↗2019-04-15

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities.↗2019-04-11

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Denial of service in VMWare Workstation 15↗2019-04-15

▶