CVE-2019-5525

CWE-416Use After Free4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware WorkstationVmware Vmware Workstation
Timeline
PublishedJun 6
Latest updateMay 24

Description

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

NVDvmware/workstation15.0.015.1.0
CVEListV5vmware/vmware_workstationVMware Workstation (15.x before 15.1.0)

🔴Vulnerability Details

2
GHSA
GHSA-r6q4-gxv3-v7q7: VMware Workstation (152022-05-24
CVEList
CVE-2019-5525: VMware Workstation (152019-06-06

📋Vendor Advisories

1
VMware
VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)2019-06-06
CVE-2019-5525 (HIGH CVSS 8.8) | VMware Workstation (15.x before 15. | cvebase.io