CVE-2019-5541 — Out-of-bounds Write in Vmware Fusion

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.1CRITICALNVD

EPSS

0.7%

top 27.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation AND Fusion

Timeline

PublishedNov 20

Latest updateMay 24

Description

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5vmware/workstation_and_fusionWorkstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1)

▶NVDvmware/fusion11.0.0 — 11.5.1

▶NVDvmware/workstation15.0.0 — 15.5.1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3wx-jc54-pqp4: VMware Workstation (15↗2022-05-24

▶

CVEList

CVE-2019-5541: VMware Workstation (15↗2019-11-20

▶

📋Vendor Advisories

VMware

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)↗2019-11-12

▶