By Eduard Kovacs on April 12, 2019
Patches released this week by VMware for its ESXi, Workstation and Fusion products address “important” denial-of-service (DoS) and information disclosure vulnerabilities affecting graphics components.
One of the flaws, tracked as CVE-2019-5516, has been described by VMware as an out-of-bounds read bug in the vertex shader functionality. Exploitation of the flaw requires authentication and it can lead to information disclosure or a DoS condition on the virtual machine (VM).
The vulnerability, reported to VMware by Piotr Bania of Cisco Talos, can only be exploited if the 3D acceleration feature is enabled on the VM. This feature is enabled by default on Fusion and Workstation, but not on ESXi.
Full Article.
VMware Patches DoS, Information Disclosure Flaws in Graphics Components
+54Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.