Friday, June 7, 2019

VMware Updates Available

VMware have released updated versions of their virtualization software to fix two security vulnerabilities. VMware Tools are affected by an out of bounds read vulnerability (CVE-2019-5522). A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

VMware Workstation Linux version has a use-after-free vulnerability (CVE-2019-5525). A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Affected versions:
-VMware Tools 10.x Windows versions earlier than 10.3.10
-VMware Workstation 15.x Linux versions earlier than 15.1.0


More information with instructions for updating can be read from the correspondent VMware advisory.

No comments: