VMSA-2019-0009:VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities.

VMware

0 more products

23554

04 June 2019

04 June 2019

CLOSED

HIGH

7.1-8.5

CVE-2019-5522,CVE-2019-5525

VMware Security Advisories

Advisory IDVMSA-2019-0009
Advisory SeverityImportant
CVSSv3 Range7.1-8.5
SynopsisVMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)
Issue Date2019-06-06
Updated On2019-06-06 (Initial Advisory)
CVE(s)CVE-2019-5522, CVE-2019-5525
1. Impacted Products
  • VMware Tools for Windows (VMware Tools)
  • VMware Workstation Pro / Player for Linux (Workstation)
2. Introduction
VMware Tools for Windows and Workstation updates address out of bounds read and use-after-free vulnerabilities respectively.
 
3a. VMware Tools for Windows out of bounds read vulnerability - CVE-2019-5522

Description:

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.  This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. 

VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

 

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

 

Resolution:

Update VMware Tools for Windows 10.2.x/10.3.x to 10.3.10 to resolve this issue.

 

Workarounds:

No workarounds provided for this vulnerability.

 

Additional Documentations:

None.

 

Acknowledgements:

VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for reporting this issue to us.

 

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSV3SeverityFixed VersionWorkaroundsAdditional Documents
VMware Tools
10.2.x/10.3.xWindowsCVE-2019-55227.1
Important
10.3.10
NoneNone
VMware Toolsx.xLinuxCVE-2019-5522N/AN/Anot affectedN/AN/A
3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525

Description:

VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

 

Known Attack Vectors:

A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

 

Resolution:

Update Workstation 15.x to 15.1.0 to resolve this issue.

 

Workarounds:

No workarounds provided for this vulnerability.

 

Additional Documentations:

None.

 

Acknowledgements:

VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this issue to us.

 

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSV3SeverityFixed VersionWorkaroundsAdditional Documents
Workstation
15.x
Linux
CVE-2019-55258.5
Important
15.1.0
NoneNone
Workstation15.xWindowsCVE-2019-5525N/A
N/Anot affectedN/AN/A

5. Change log
 

2019-06-06: VMSA-2019-0009  Initial security advisory.

6. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  [email protected]

  [email protected]

  [email protected]

 

E-mail: [email protected]

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2019 VMware Inc. All rights reserved.