Multiple vulnerabilities in VMware Workstation Pro and VMware Tools
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-5522 CVE-2019-5525 CVE-2019-5526 |
| CWE-ID | CWE-125 CWE-416 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
VMware Tools Client/Desktop applications / Other client software VMware Workstation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated 30.10.2019
Added vulnerability #3, changed severity.
1) Out-of-bounds read
EUVDB-ID: #VU18687
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5522
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the vm3dmp driver, installed with vmtools on Windows guest machines. A local non-privileged user of a Windows guest machine can use a specially crafted application to trigger out-of-bounds read and gain access to kernel memory on the same guest OS or perform denial of service attack against guest OS.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Tools: 10.0.0 - 10.3.5
CPE2.3- cpe:2.3:a:vmware:vmware_tools:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_tools:10.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_tools:10.0.6:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU18688
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5525
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the host system.
The vulnerability exists due to a use-after-free error in advanced Linux Sound Architecture (ALSA) backend. A local non-privileged user of a guest OS can use a specially crafted application to trigger use-after-free error and execute arbitrary code on the Linux host where Workstation is installed.
Successful exploitation of the vulnerability may allow an attacker to compromise Linux host operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Workstation: 15.0.0 - 15.0.4
CPE2.3- cpe:2.3:a:vmware:vmware_workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.2:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU22416
Risk: High
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2019-5526
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to some DLL files are improperly loaded by the application. A remote authenticated attacker can hijack DLL files and escalate privileges to administrator on a windows host where Workstation is installed.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Workstation: 15.0.0 - 15.0.4
CPE2.3- cpe:2.3:a:vmware:vmware_workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.2:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
