VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Metrics
No CVSS v4.0
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:M/Au:N/C:P/I:N/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Vmware |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2019-04-15T17:12:06
Updated: 2024-08-04T20:01:51.278Z
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5520
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-15T18:29:01.223
Modified: 2019-04-17T16:29:00.850
Link: CVE-2019-5520
Redhat
No data.