VMware released security updates to address vulnerabilities affecting Tools 10 and Workstation 15, where an attacker could exploit an issue to take control of an affected system.
VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities.
The products suffering from the issues are:
• VMware Tools for Windows (VMware Tools)
• VMware Workstation Pro / Player for Linux (Workstation)
In one vulnerability (CVE-2019-5522), VMware Tools update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. VMware evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.1.
A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Users can update to VMware Tools for Windows 10.x to 10.3.10 to resolve this issue.
ChenNan and RanchoIce of Tencent ZhanluLab discovered the issue.
The other issue is a VMware Workstation use-after-free vulnerability (CVE-2019-5525).
VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5.
A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
A user can update Workstation 15.x to 15.1.0 to resolve this issue.
Brice L’helgouarc’h of Amossys discovered the vulnerability.