CVE-2019-5517

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
vmwarefusion
10.0.0 ≤
𝑥
< 10.1.6
vmwarefusion
11.0.0 ≤
𝑥
< 11.0.3
vmwareworkstation
14.0.0 ≤
𝑥
< 14.1.6
vmwareworkstation
15.0.0 ≤
𝑥
< 15.0.3
vmwareesxi
6.5
vmwareesxi
6.5:650-201701001
vmwareesxi
6.5:650-201703001
vmwareesxi
6.5:650-201703002
vmwareesxi
6.5:650-201704001
vmwareesxi
6.5:650-201707101
vmwareesxi
6.5:650-201707102
vmwareesxi
6.5:650-201707103
vmwareesxi
6.5:650-201707201
vmwareesxi
6.5:650-201707202
vmwareesxi
6.5:650-201707203
vmwareesxi
6.5:650-201707204
vmwareesxi
6.5:650-201707205
vmwareesxi
6.5:650-201707206
vmwareesxi
6.5:650-201707207
vmwareesxi
6.5:650-201707208
vmwareesxi
6.5:650-201707209
vmwareesxi
6.5:650-201707210
vmwareesxi
6.5:650-201707211
vmwareesxi
6.5:650-201707212
vmwareesxi
6.5:650-201707213
vmwareesxi
6.5:650-201707214
vmwareesxi
6.5:650-201707215
vmwareesxi
6.5:650-201707216
vmwareesxi
6.5:650-201707217
vmwareesxi
6.5:650-201707218
vmwareesxi
6.5:650-201707219
vmwareesxi
6.5:650-201707220
vmwareesxi
6.5:650-201707221
vmwareesxi
6.5:650-201710001
vmwareesxi
6.5:650-201712001
vmwareesxi
6.5:650-201803001
vmwareesxi
6.5:650-201806001
vmwareesxi
6.5:650-201808001
vmwareesxi
6.5:650-201810001
vmwareesxi
6.5:650-201810002
vmwareesxi
6.5:650-201811001
vmwareesxi
6.5:650-201811002
vmwareesxi
6.5:650-201811301
vmwareesxi
6.5:650-201901001
vmwareesxi
6.7
vmwareesxi
6.7:670-201806001
vmwareesxi
6.7:670-201807001
vmwareesxi
6.7:670-201808001
vmwareesxi
6.7:670-201810001
vmwareesxi
6.7:670-201810101
vmwareesxi
6.7:670-201810102
vmwareesxi
6.7:670-201810103
vmwareesxi
6.7:670-201810201
vmwareesxi
6.7:670-201810202
vmwareesxi
6.7:670-201810203
vmwareesxi
6.7:670-201810204
vmwareesxi
6.7:670-201810205
vmwareesxi
6.7:670-201810206
vmwareesxi
6.7:670-201810207
vmwareesxi
6.7:670-201810208
vmwareesxi
6.7:670-201810209
vmwareesxi
6.7:670-201810210
vmwareesxi
6.7:670-201810211
vmwareesxi
6.7:670-201810212
vmwareesxi
6.7:670-201810213
vmwareesxi
6.7:670-201810214
vmwareesxi
6.7:670-201810215
vmwareesxi
6.7:670-201810216
vmwareesxi
6.7:670-201810217
vmwareesxi
6.7:670-201810218
vmwareesxi
6.7:670-201810219
vmwareesxi
6.7:670-201810220
vmwareesxi
6.7:670-201810221
vmwareesxi
6.7:670-201810222
vmwareesxi
6.7:670-201810223
vmwareesxi
6.7:670-201810224
vmwareesxi
6.7:670-201810225
vmwareesxi
6.7:670-201810226
vmwareesxi
6.7:670-201810227
vmwareesxi
6.7:670-201810228
vmwareesxi
6.7:670-201810229
vmwareesxi
6.7:670-201810230
vmwareesxi
6.7:670-201810231
vmwareesxi
6.7:670-201810232
vmwareesxi
6.7:670-201810233
vmwareesxi
6.7:670-201810234
vmwareesxi
6.7:670-201811001
vmwareesxi
6.7:670-201901001
vmwareesxi
6.7:670-201901401
vmwareesxi
6.7:670-201901402
vmwareesxi
6.7:670-201901403
vmwareesxi
6.7:670-201904201
vmwareesxi
6.7:670-201904202
vmwareesxi
6.7:670-201904203
vmwareesxi
6.7:670-201904204
vmwareesxi
6.7:670-201904205
vmwareesxi
6.7:670-201904206
vmwareesxi
6.7:670-201904207
vmwareesxi
6.7:670-201904208
vmwareesxi
6.7:670-201904209
vmwareesxi
6.7:670-201904210
vmwareesxi
6.7:670-201904211
vmwareesxi
6.7:670-201904212
vmwareesxi
6.7:670-201904213
vmwareesxi
6.7:670-201904214
vmwareesxi
6.7:670-201904215
vmwareesxi
6.7:670-201904216
vmwareesxi
6.7:670-201904217
vmwareesxi
6.7:670-201904218
vmwareesxi
6.7:670-201904219
vmwareesxi
6.7:670-201904220
vmwareesxi
6.7:670-201904221
vmwareesxi
6.7:670-201904222
vmwareesxi
6.7:670-201904223
vmwareesxi
6.7:670-201904224
vmwareesxi
6.7:670-201904225
vmwareesxi
6.7:670-201904226
vmwareesxi
6.7:670-201904227
vmwareesxi
6.7:670-201904228
vmwareesxi
6.7:670-201904229
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2019-0006.html
https://www.vmware.com/security/advisories/VMSA-2019-0006.html