VMware Tools out of bounds read vulnerability [CVE-2019-5522 and CVE-2019-5525]

VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)

The VMware Tools update addresses an out of bounds read vulnerability in the vm3dmp driver, which is installed with VMware Tools in Windows guest machines. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

Resolution:

Update VMware Tools for Windows 10.x to 10.3.10 to resolve this issue.
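
To check a fleet against this resolution, the following added example (not part of VMware's advisory) triages an inventory of guests by comparing each VMware Tools version numerically with 10.3.10; a plain string comparison would wrongly sort 10.3.10 before 10.3.5. The version string layout, host names and build numbers are constructed assumptions.

```python
import re

FIXED = (10, 3, 10)  # fixed VMware Tools release named in the advisory


def parse_tools_version(text):
    """Return (major, minor, patch) from a version string, or None if unparsable."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(guest_os, version_text):
    """Classify one guest against the advisory's scope (Windows guest, Tools 10.x)."""
    version = parse_tools_version(version_text)
    if version is None:
        return "unknown"
    # The advisory only speaks about VMware Tools for Windows 10.x.
    if "windows" not in guest_os.lower() or version[0] != 10:
        return "out-of-scope"
    # Tuple comparison is numeric per component: (10, 3, 5) < (10, 3, 10).
    return "update-needed" if version < FIXED else "fixed"


# Constructed sample inventory: (guest name, guest OS, reported Tools version).
# The "x.y.z.build (build-N)" layout and the build numbers are assumptions.
SAMPLE_INVENTORY = [
    ("guest-a", "Windows 10", "10.3.5.1111111 (build-1111111)"),
    ("guest-b", "Windows Server 2016", "10.3.10.2222222 (build-2222222)"),
    ("guest-c", "Ubuntu 18.04", "10.3.5.1111111 (build-1111111)"),
    ("guest-d", "Windows 7", "10.2.0.3333333 (build-3333333)"),
    ("guest-e", "Windows 10", "not installed"),
]


def triage(inventory):
    """Map each guest name to its classification."""
    return {name: classify(os_name, ver) for name, os_name, ver in inventory}


if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```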

Workarounds:

No workarounds provided for this vulnerability.

Fixed Version(s) and Release Notes:

VMware Tools 10.3.10

Downloads and Documentation:

https://docs.vmware.com/en/VMware-Tools/index.html

https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742

VMware Workstation Pro 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html


VMware Workstation Player 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadplayer

https://docs.vmware.com/en/VMware-Workstation-Player/index.html

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
