VMware pushed out security updates covering five vulnerabilities that if exploited could lead to information disclosure or a denial of service situation.
The important-rated vulnerabilities are CVE-2019-5540, CVE-2019-5541 and CVE-2019-5542 and impact VMware Workstation Pro / Player and VMware Fusion Pro/Fusion.
- CVE-2019-5541 covers an out-of-bounds write vulnerability in e1000e virtual network adapter that could lead to lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.
- CVE-2019-5540 is an information disclosure vulnerability in vmnetdhcp that if abused could allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.
- CVE-2019-5542 refers to a denial-of-service vulnerability in the RPC handler giving attackers with normal user privileges to create a denial-of-service condition on their own VM.
The two moderate issues covered are CVE-2018-12207 and CVE-2019-11135 and effect VMware ESXi, VMware Workstation and VMware Fusion.
The first vulnerability is a machine check error on page size change where "A malicious actor with local access to execute code in a virtual machine may be able to trigger a purple diagnostic screen or immediate reboot of the Hypervisor hosting the virtual machine, resulting in a denial-of-service condition," VMware wrote.
The second security problem if exploited a malicious actor with local access to execute code in a virtual machine may be able to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself. It is pointed out that this vulnerability is only applicable to Hypervisors utilising second Generation Intel Xeon Scalable Processors.
Patches for all the vulnerabilities are available. VMware did note that the patch for CVE-2018-12207 is not enabled by default upon download, due to a possible performance impact. So admin staffers must follow the steps in the KB article in the ‘Additional Documentation’ column for the product. Performance impact data found in KB76050 should be reviewed prior to enabling this mitigation.
The original version of this article was published on SC Media US.