VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Metrics
No CVSS v4.0
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Partial
AV:N/AC:M/Au:N/C:P/I:N/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Vmware |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2019-04-15T17:20:08
Updated: 2024-08-04T20:01:51.289Z
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5517
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-15T18:29:01.177
Modified: 2024-11-21T04:45:05.617
Link: CVE-2019-5517
Redhat
No data.