. home.aspx



VMware Patches DoS, Information Disclosure Flaws in Graphics Components

April 12, 2019 / Eduard Kovacs

Patches released this week by VMware for its ESXi, Workstation and Fusion products address “important” denial-of-service (DoS) and information disclosure vulnerabilities affecting graphics components. One of the flaws, tracked as CVE-2019-5516, has been described by VMware as an out-of-bounds read bug in the vertex shader functionality. Exploitation of the flaw requires authentication and it can lead to information disclosure or a DoS condition on the virtual machine (VM). The vulnerability, reported to VMware by Piotr Bania of Cisco Talos, can only be exploited if the 3D acceleration feature is enabled on the VM. This feature is enabled by default on Fusion and Workstation, but not on ESXi. A researcher known as RanchoIce, of Tencent Security ZhanluLab, also found some out-of-bounds read vulnerabilities in a graphics component, specifically the shader translator. Exploitation of the flaw, identified as CVE-2019-5517, can also result in information disclosure and a DoS cond...