[UPDATED] VMware Response To Out-of-bounds Read/Write Security Vulnerabilities

VMware has recently released a few security updates for out-of-bounds read/write security vulnerabilities, addressed in a few stages across its products. If you maintain a VMware virtualized environment, it is essential to know the risks and the mitigation procedures.

The following CVE numbers have been assigned:

  • CVE-2019-5514 – Vulnerability due to certain unauthenticated APIs accessible through a web socket
  • CVE-2019-5515 – Out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters
  • CVE-2019-5518 – Out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
  • CVE-2019-5519 – Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
  • CVE-2019-5524 – Out-of-bounds write vulnerability in the e1000 virtual network adapter
  • CVE-2019-5516 – Vertex shader out-of-bounds read vulnerability
  • CVE-2019-5517 – Multiple shader translator out-of-bounds read vulnerabilities
  • CVE-2019-5520 – Out-of-bounds read vulnerability

The identified vulnerabilities are addressed as described below, along with the affected products.

New Update as of 12/04/2019

Vertex shader out-of-bounds read vulnerability

VMware has recently announced patches for ESXi, Workstation and Fusion for an out-of-bounds vulnerability in the vertex shader functionality, multiple shader translator vulnerabilities and an out-of-bounds read vulnerability. If an attacker has access to a virtual machine with 3D graphics enabled, exploitation may lead to information disclosure or may allow an attacker with normal user privileges to create a denial-of-service condition on their own virtual machine. Disabling the 3D acceleration feature has been announced as a mitigation workaround. This feature is not enabled by default in ESXi and is enabled by default in Workstation and Fusion.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5516 to the vertex shader out-of-bounds issue.

The following versions and patches have been released to mitigate the vertex shader out-of-bounds risk.

These patches were released to mitigate the multiple shader translator out-of-bounds read vulnerabilities, to which CVE-2019-5517 has been assigned.

These patches were released to mitigate the out-of-bounds read vulnerability, to which CVE-2019-5520 has been assigned.

Vulnerabilities in VMware products, including the Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface), were identified by the Fluoroacetate team of Amat Cama and Richard Zhu, working with the Pwn2Own 2019 Security Contest. They executed code on the underlying hypervisor using a specially created web page in a virtualized Windows 10 client. These vulnerabilities affect VMware products such as VMware ESXi, Workstation/Player and Fusion/Pro.

Updated on 28/03/2019

VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities

VMware ESXi, Workstation and Fusion are affected by an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). These issues may allow an attacker to execute malicious code on the hypervisor if a virtual machine has a USB controller attached.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues.

The following VMware products and versions are affected, and VMware has released the patches below to mitigate the risk of the vulnerability.


VMware Workstation and Fusion out-of-bounds write vulnerability in e1000 virtual network adapter

VMware Workstation and Fusion versions are affected by an out-of-bounds write vulnerability in the e1000 virtual network adapter. The issue may allow a guest to execute malicious code on the hypervisor.

CVE-2019-5524 has been assigned as the CVE identifier from the Common Vulnerabilities and Exposures project.

These are the products affected by the vulnerability and the patches released to mitigate the risk.


VMware Workstation and Fusion out-of-bounds write vulnerability in e1000 and e1000e virtual network adapters

VMware Workstation and Fusion are affected by an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of the issue may lead to execution of malicious code on the hypervisor, but it is more likely to result in a denial of service of the guest.

CVE-2019-5515 has been assigned to this vulnerability.

The following patches have been released for the respective products.

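The device conditions described in the sections above (3D graphics enabled, a USB controller attached, an e1000 or e1000e adapter) can be checked per virtual machine. The following is an added example, not code from the original post or from VMware: it reads a .vmx configuration and maps each exposed device to the CVEs listed in this post. The key names mks.enable3d, usb.present and ethernetN.virtualDev, and the sample configuration, are assumptions that do not come from the post.

```python
import re

# Constructed sample .vmx content for illustration (not from the post).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "win10-client"
mks.enable3d = "TRUE"
usb.present = "TRUE"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000e"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "vmxnet3"
'''

# CVE lists are the ones the post gives for each virtual device.
NIC_CVES = {
    "e1000": ["CVE-2019-5515", "CVE-2019-5524"],
    "e1000e": ["CVE-2019-5515"],
}
KEY_VALUE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    cfg = {}
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if match:
            cfg[match.group(1).lower()] = match.group(2).strip()
    return cfg


def audit_vmx(text):
    """Map each exposed device in one .vmx file to the post's CVEs."""
    cfg = parse_vmx(text)
    on = lambda key: cfg.get(key, "").lower() == "true"
    findings = {}
    if on("mks.enable3d"):  # 3D graphics: the shader read issues
        findings["3d"] = ["CVE-2019-5516", "CVE-2019-5517", "CVE-2019-5520"]
    if on("usb.present"):  # virtual USB controller: the UHCI issues
        findings["usb"] = ["CVE-2019-5518", "CVE-2019-5519"]
    for key, value in cfg.items():
        nic = re.fullmatch(r"(ethernet\d+)\.virtualdev", key)
        # Only adapters that are present and explicitly typed are classified.
        if nic and on(nic.group(1) + ".present") and value.lower() in NIC_CVES:
            findings[nic.group(1)] = NIC_CVES[value.lower()]
    return findings


if __name__ == "__main__":
    for device, cves in audit_vmx(SAMPLE_VMX).items():
        print(device, ", ".join(cves))
```

A finding only shows that the device is configured on the virtual machine; whether the issue still applies depends on the installed product version and patches.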

VMware Fusion unauthenticated APIs Security vulnerability

Unauthenticated API access through a web socket exposes VMware Fusion to this vulnerability. An attacker may exploit the issue by tricking the host user into executing JavaScript that performs unauthenticated functions on a guest machine where VMware Tools is installed. This may also be exploited to execute commands in the guest operating system.

The identifier CVE-2019-5514 has been assigned to this vulnerability, and the versions below have been updated with the details.


VMware Product Download Links

Here are the links to the VMware products for upgrading your environments to protect them from these vulnerabilities.

Updated Versions on 12/04/2019

Updated Versions on 28/03/2019

Aruna Lakmal

Associate Technical Specialist at Pearson, Sri Lanka. Technology junky, enthusiast, a VMware vExpert and a blogger with more than 7 years of Experience in Information Technology more focusing on VMware Virtualization, Microsoft and Datacenter Technologies.
