Vulnerability Description
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | >= 15.0.0, < 15.1.0 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108674Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2019-0009.htmlVendor Advisory
- http://www.securityfocus.com/bid/108674Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2019-0009.htmlVendor Advisory
FAQ
What is CVE-2019-5525?
CVE-2019-5525 is a vulnerability with a CVSS score of 8.8 (HIGH). VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machi...
How severe is CVE-2019-5525?
CVE-2019-5525 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5525?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Linux Linux Kernel.