VMware Security Advisories

Advisory ID VMSA-2019-0009
Advisory Severity Important
CVSSv3 Range 7.1-8.5
Synopsis VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)
Issue Date 2019-06-06
Updated On 2019-06-06 (Initial Advisory)
CVE(s) CVE-2019-5522, CVE-2019-5525
1. Impacted Products
  • VMware Tools for Windows (VMware Tools)
  • VMware Workstation Pro / Player for Linux (Workstation)
2. Introduction
VMware Tools for Windows and Workstation updates address out of bounds read and use-after-free vulnerabilities respectively.
 
3a. VMware Tools for Windows out of bounds read vulnerability - CVE-2019-5522

Description:

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.  This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. 

VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

 

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

 

Resolution:

Update VMware Tools for Windows 10.2.x/10.3.x to 10.3.10 to resolve this issue.

 

Workarounds:

No workarounds provided for this vulnerability.

 

Additional Documentations:

None.

 

Acknowledgements:

VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for reporting this issue to us.

 

Response Matrix:

Product Version Running On CVE Identifier CVSSV3 Severity Fixed Version Workarounds Additional Documents
VMware Tools
10.2.x/10.3.x Windows CVE-2019-5522 7.1
Important
10.3.10
None None
VMware Tools x.x Linux CVE-2019-5522 N/A N/A not affected N/A N/A
3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525

Description:

VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

 

Known Attack Vectors:

A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

 

Resolution:

Update Workstation 15.x to 15.1.0 to resolve this issue.

 

Workarounds:

No workarounds provided for this vulnerability.

 

Additional Documentations:

None.

 

Acknowledgements:

VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this issue to us.

 

Response Matrix:

Product Version Running On CVE Identifier CVSSV3 Severity Fixed Version Workarounds Additional Documents
Workstation
15.x
Linux
CVE-2019-5525 8.5
Important
15.1.0
None None
Workstation 15.x Windows CVE-2019-5525 N/A
N/A not affected N/A N/A

5. Change log
 

2019-06-06: VMSA-2019-0009  Initial security advisory.

6. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2019 VMware Inc. All rights reserved.