Vulnerability Description
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Tools | <= 10.0.8 |
| Apple | Mac Os X | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93886Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037102
- http://www.vmware.com/security/advisories/VMSA-2016-0017.htmlVendor Advisory
- http://www.securityfocus.com/bid/93886Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037102
- http://www.vmware.com/security/advisories/VMSA-2016-0017.htmlVendor Advisory
FAQ
What is CVE-2016-5328?
CVE-2016-5328 is a vulnerability with a CVSS score of 5.5 (MEDIUM). VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism vi...
How severe is CVE-2016-5328?
CVE-2016-5328 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5328?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Tools, Apple Mac Os X.