CVE-2019-5521

Summary

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Affected Software

VendorProductVersion RangeStatus
VMwareVMware ESXi6.7 before ESXi670-201904101-SGaffected
VMwareVMware ESXi6.5 before ESXi650-201903001affected
VMwareVMware Workstation15.x before 15.0.3affected
VMwareVMware Workstation14.x before 14.1.6affected
VMwareVMware Fusion11.x before 11.0.3affected
VMwareVMware Fusion10.x before 10.1.6affected

Weaknesses

  • Out of bounds read vulnerability

ADP Enrichment

CVE Program Container

Additional References

References