VMSA-2019-0009:VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities.
23554
04 June 2019
04 June 2019
CLOSED
HIGH
7.1-8.5
CVE-2019-5522,CVE-2019-5525
VMware Security Advisories
| Advisory ID | VMSA-2019-0009 |
| Advisory Severity | Important |
| CVSSv3 Range | 7.1-8.5 |
| Synopsis | VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525) |
| Issue Date | 2019-06-06 |
| Updated On | 2019-06-06 (Initial Advisory) |
| CVE(s) | CVE-2019-5522, CVE-2019-5525 |
1. Impacted Products
- VMware Tools for Windows (VMware Tools)
- VMware Workstation Pro / Player for Linux (Workstation)
2. Introduction
VMware Tools for Windows and Workstation updates address out of bounds read and use-after-free vulnerabilities respectively.
3a. VMware Tools for Windows out of bounds read vulnerability - CVE-2019-5522
Description:
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10.
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors:
A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Resolution:
Update VMware Tools for Windows 10.2.x/10.3.x to 10.3.10 to resolve this issue.
Workarounds:
No workarounds provided for this vulnerability.
Additional Documentations:
None.
Acknowledgements:
VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for reporting this issue to us.
Response Matrix:
| Product | Version | Running On | CVE Identifier | CVSSV3 | Severity | Fixed Version | Workarounds | Additional Documents |
| VMware Tools | 10.2.x/10.3.x | Windows | CVE-2019-5522 | 7.1 | Important | 10.3.10 | None | None |
| VMware Tools | x.x | Linux | CVE-2019-5522 | N/A | N/A | not affected | N/A | N/A |
3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525
Description:
VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
Known Attack Vectors:
A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
Resolution:
Update Workstation 15.x to 15.1.0 to resolve this issue.
Workarounds:
No workarounds provided for this vulnerability.
Additional Documentations:
None.
Acknowledgements:
VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this issue to us.
Response Matrix:
| Product | Version | Running On | CVE Identifier | CVSSV3 | Severity | Fixed Version | Workarounds | Additional Documents |
| Workstation | 15.x | Linux | CVE-2019-5525 | 8.5 | Important | 15.1.0 | None | None |
| Workstation | 15.x | Windows | CVE-2019-5525 | N/A | N/A | not affected | N/A | N/A |
4. References
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5525
Fixed Version(s) and Release Notes:
VMware Tools 10.3.10
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Tools/index.html
https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742
VMware Workstation Pro 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
5. Change log
2019-06-06: VMSA-2019-0009 Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2019 VMware Inc. All rights reserved.