1. Impacted Products

• VMware Tools for Windows (VMware Tools)
  
• VMware Workstation Pro / Player for Linux (Workstation)
  

2. Introduction

VMware Tools for Windows and Workstation updates address out of bounds read and use-after-free vulnerabilities respectively.

3a. VMware Tools for Windows out of bounds read vulnerability - CVE-2019-5522

Description:

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.  This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. 

VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

Resolution:

Update VMware Tools for Windows 10.2.x/10.3.x to 10.3.10 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for reporting this issue to us.

Response Matrix:

3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525

Description:

VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Known Attack Vectors:

A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Resolution:

Update Workstation 15.x to 15.1.0 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this issue to us.

Response Matrix:

4. References

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5525

Fixed Version(s) and Release Notes:

VMware Tools 10.3.10
Downloads and Documentation:

https://docs.vmware.com/en/VMware-Tools/index.html

https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742

VMware Workstation Pro 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

5. Change log
 

2019-06-06: VMSA-2019-0009  Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

Twitter

https://twitter.com/VMwareSRC

Copyright 2019 VMware Inc. All rights reserved.