VMSA-2019-0006:VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities
23551
09 April 2019
09 April 2019
CLOSED
HIGH
CVE-2019-5516,CVE-2019-5517,CVE-2019-5520
VMSA-2019-0006
VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities.
VMware Security Advisory
1. Summary
VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities.
2. Relevant Products
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
3. Problem Description
a. VMware ESXi, Workstation and Fusion vertex shader out-of-bounds read vulnerability
VMware ESXi, Workstation and Fusion updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
VMware would like to thank Piotr Bania of Cisco Talos for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5516 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
b. VMware ESXi, Workstation and Fusion multiple shader translator out-of-bounds read vulnerabilities
VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
VMware would like to thank RanchoIce of Tencent Security ZhanluLab for reporting these issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5517 to these issues.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
c. VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability
VMware ESXi, Workstation and Fusion updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
VMware would like to thank instructor working with Trend Micro's Zero Day Initiative for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5520 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi 6.7
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u2-release-notes.html
ESXi 6.5
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html
VMware Workstation Pro 14.1.6, 15.0.3
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 14.1.6, 15.0.3
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
6. Change log
2019-04-11: VMSA-2019-0006
Initial security advisory in conjunction with the release of ESXi 6.7 U2 on 2019-04-11.
7. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2019 VMware Inc. All rights reserved.