VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:N/A:P
Vendors Products
Vmware
  • Workstation
  • Fusion
  • Esxi

Configuration 1 [-]

OR cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*
References
Link Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757 Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2019-0012.html Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2019-09-20T18:00:52

Updated: 2019-09-20T18:01:04

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5521

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-09-20T18:15:10.740

Modified: 2019-09-23T13:16:37.023

Link: CVE-2019-5521

JSON object: View

cve-icon Redhat Information

No data.

CWE