CVE-2019-5517
N/A
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware | ESXi | 6.7 before ESXi670-201904101-SG | affected |
| VMware | ESXi | 6.5 before ESXi650-201903001 | affected |
| VMware | Workstation | 15.x before 15.0.3 | affected |
| VMware | Workstation | 14.x before 14.1.6 | affected |
| VMware | Fusion | 11.x before 11.0.3 | affected |
| VMware | Fusion | 10.x before 10.1.6 | affected |
Weaknesses
- Multiple Out-of-bounds read vulnerabilities
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.