Vulnerability Description
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Tools | >= 10.0.0, < 10.3.10 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108673Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2019-0009.htmlVendor Advisory
- http://www.securityfocus.com/bid/108673Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2019-0009.htmlVendor Advisory
FAQ
What is CVE-2019-5522?
CVE-2019-5522 is a vulnerability with a CVSS score of 7.1 (HIGH). VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 1...
How severe is CVE-2019-5522?
CVE-2019-5522 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5522?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Tools, Microsoft Windows.