Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
VMware Patches Vulnerabilities in Tools, Workstation
#1
Quote:VMware announced on Thursday that it has patched two high-severity vulnerabilities in its Tools and Workstation software.
 
The first security hole, CVE-2019-5522, impacts VMware Tools 10.x on Windows and it has been described as an out-of-bounds read issue in the vm3dmp driver, which is installed in Windows guest machines.
 
“A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine,” VMware said in its advisory.
 
The flaw, reported to VMware by researchers ChenNan and RanchoIce of Tencent ZhanluLab, has been patched with the release of version 10.3.10. Workarounds are not available.

The second vulnerability, CVE-2019-5525, is a use-after-free bug affecting the Advanced Linux Sound Architecture (ALSA) backend in Workstation 15.x. VMware says the weakness could allow an attacker with normal user privileges on the guest machine to execute arbitrary code on the Linux host on which Workstation is installed. However, code execution can only be achieved if this flaw is combined with another vulnerability.

SOURCE: https://www.securityweek.com/vmware-patc...orkstation
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AOMEI BackUpper 7.3.4
Version 7.3.4 (Mar...harlan4096 — 10:35
FastCopy 5.7.3
FastCopy 5.7.3: ...harlan4096 — 10:32
Antivirus Removal Tool 2024.03 (v.1)
Antivirus Removal ...harlan4096 — 06:49
Microsoft shows another Bing popup adver...
Microsoft has done...harlan4096 — 06:47
Free Download Manager 6.21.0.5629
Changes in 6.21.0.5...harlan4096 — 08:01

[-]
Birthdays
Today's Birthdays
avatar (41)Hectorvot
avatar (49)knowhanPluts
avatar (37)Williamengiz
Upcoming Birthdays
avatar (42)gapedDow
avatar (36)snorydar
avatar (44)qaqapeti
avatar (42)battsourIonix
avatar (41)CedricSek
avatar (36)Charlesfibre
avatar (41)artmaGoork

[-]
Online Staff
There are no staff members currently online.

>