VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Partial
AV:N/AC:M/Au:N/C:P/I:N/A:P
Vendors | Products |
---|---|
Vmware |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2019-0006.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2019-04-15T17:20:08
Updated: 2019-04-15T17:20:08
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5517
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-15T18:29:01.177
Modified: 2019-04-16T17:44:02.457
Link: CVE-2019-5517
JSON object: View
Redhat Information
No data.
CWE