Main Vulnerability Database Vulnerabilities #VU18687

#VU18687 Out-of-bounds read in VMware Tools - CVE-2019-5522

Published: June 6, 2019

Vulnerability identifier: #VU18687

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5522

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
VMware Tools

Software vendor:
VMware, Inc

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the vm3dmp driver, installed with vmtools on Windows guest machines. A local non-privileged user of a Windows guest machine can use a specially crafted application to trigger out-of-bounds read and gain access to kernel memory on the same guest OS or perform denial of service attack against guest OS.

Remediation

Install updates from vendor's website.

External links

http://www.vmware.com/security/advisories/VMSA-2019-0009.html

#VU18687 Out-of-bounds read in VMware Tools - CVE-2019-5522

Description

Remediation

External links

Please verify you're human