a. VMware ESXi, Workstation and Fusion vertex shader out-of-bounds read    vulnerability

  VMware ESXi, Workstation and Fusion updates address an out-of-bounds   vulnerability with the vertex shader functionality.  Exploitation of   this issue requires an attacker to have access to a virtual machine   with 3D graphics enabled.  Successful exploitation of this issue may   lead to information disclosure or may allow attackers with normal   user privileges to create a denial-of-service condition on their own   VM.  The workaround for this issue involves disabling the   3D-acceleration feature. This feature is not enabled by default on   ESXi and is enabled by default on Workstation and Fusion.
    VMware would like to thank Piotr Bania of Cisco Talos for reporting   this issue to us.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has   assigned the identifier CVE-2019-5516 to this issue.

b. VMware ESXi, Workstation and Fusion multiple shader translator    out-of-bounds read vulnerabilities

  VMware ESXi, Workstation and Fusion contain multiple out-of-bounds   read vulnerabilities in the shader translator. Exploitation of these   issues requires an attacker to have access to a virtual machine with   3D graphics enabled.  Successful exploitation of these issues may   lead to information disclosure or may allow attackers with normal   user privileges to create a denial-of-service condition on their own   VM.  The workaround for these issues involves disabling the   3D-acceleration feature.  This feature is not enabled by default on   ESXi and is enabled by default on Workstation and Fusion.

  VMware would like to thank RanchoIce of Tencent Security ZhanluLab   for reporting these issues to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has   assigned the identifier CVE-2019-5517 to these issues.

c. VMware ESXi, Workstation and Fusion out-of-bounds read    vulnerability

  VMware ESXi, Workstation and Fusion updates address an out-of-bounds   read vulnerability.  Exploitation of this issue requires an attacker   to have access to a virtual machine with 3D graphics enabled.
  Successful exploitation of this issue may lead to information   disclosure. The workaround for this issue involves disabling the   3D-acceleration feature. This feature is not enabled by default on   ESXi and is enabled by default on Workstation and Fusion.

  VMware would like to thank instructor working with Trend Micro's   Zero Day Initiative for reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has   assigned the identifier CVE-2019-5520 to this issue.

Detections

Analytics

VMSA-2019-0006 : VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities

medium Nessus Plugin ID 124192

Version 1.3