CVE-2019-5521

Description

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Risk Information

Base Score

9.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

EPSS Score

Exploitation Probability

0.418

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2019-5521, CVE-2019-5684 are fixed in VMware Workstation (15.0.3)	Windows
Vulnerabilities CVE-2019-5521, CVE-2019-5684 are fixed in VMware Workstation (14.1.6)	Windows
Multiple Vulnerabilities are affected in VMware Fusion for MAC 11.0.2	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 10.1.5	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234