SB2019092101 - Multiple vulnerabilities in VMware Workstation, Fusion and ESXi
Published: September 21, 2019 Updated: October 30, 2019
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2019-5527)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the virtual sound device. A local unprivileged user with access to the guest operating system can trigger the use-after-free error and execute arbitrary code on the host OS.
Successful exploitation of the vulnerability requires that the sound back-end is not connected.
2) Input validation error (CVE-ID: CVE-2019-5535)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of IPv6 network traffic. A local user on the guest OS can send specially crafted IPv6 packets and block network connectivity for all guest machines using VMware NAT mode.
Successful exploitation of this vulnerability requires that VMNAT is enabled.
3) Uncaught Exception (CVE-ID: CVE-2019-5536)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to an uncaught exception in the shader functionality. A remote authenticated attacker can send a specially crafted shader file and cause a denial of service condition on their own VM.
Note: Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled.
Remediation
Install the update from the vendor's website.
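To decide which virtual machines to update first, the preconditions named in the three entries above can be checked against each VM's .vmx configuration. The following is an added example, not part of the original bulletin or any vendor tooling; the mapping of preconditions to the .vmx keys sound.present, ethernetN.connectionType and mks.enable3d is an assumption, and the sample configuration is constructed.

```python
import re

# Assumption: these standard .vmx keys are used as proxies for the bulletin's
# preconditions; the bulletin itself names no configuration keys.
KV = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse .vmx text into {lower-cased key: value}; other lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = KV.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def enabled(cfg, key):
    # Assumption: an absent key is treated as "not enabled".
    return cfg.get(key, "").strip().lower() == "true"

def exposure(cfg):
    """List which of the bulletin's preconditions this VM configuration meets."""
    findings = []
    # CVE-2019-5527: only device presence is visible in the file; whether the
    # host sound back-end is connected is runtime state and is not checked.
    if enabled(cfg, "sound.present"):
        findings.append("CVE-2019-5527: virtual sound device present")
    # CVE-2019-5535: adapters that are present and attached in NAT mode.
    nat = sorted(k.split(".")[0] for k, v in cfg.items()
                 if re.fullmatch(r"ethernet\d+\.connectiontype", k)
                 and v.strip().lower() == "nat"
                 and enabled(cfg, k.split(".")[0] + ".present"))
    if nat:
        findings.append("CVE-2019-5535: NAT adapter(s) " + ", ".join(nat))
    # CVE-2019-5536: requires a VM with 3D graphics enabled.
    if enabled(cfg, "mks.enable3d"):
        findings.append("CVE-2019-5536: 3D graphics enabled")
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE_VMX = '''
.encoding = "UTF-8"
displayName = "build-agent-01"
sound.present = "TRUE"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
mks.enable3d = "TRUE"
'''

if __name__ == "__main__":
    for finding in exposure(parse_vmx(SAMPLE_VMX)):
        print(finding)
```

An empty result means only that none of these settings appear in the file; it does not show that the host product version is patched.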