VMware Tools out of bounds read vulnerability [CVE-2019-5522 and CVE-2019-5525]
VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)
VMware Tools update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors:
A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Resolution:
Update VMware Tools for Windows 10.x to 10.3.10 to resolve this issue.
Workarounds:
No workarounds provided for this vulnerability.
Fixed Version(s) and Release Notes:
VMware Tools 10.3.10
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Tools/index.html
https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742
VMware Workstation Pro 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.1.0
Downloads and Documentation:
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.