VMware recently released a few security updates for out-of-bounds read/write vulnerabilities, addressed in a few stages across its products. If you maintain a VMware virtualized environment, it is paramount to know the risks and the mitigation procedures.
The following CVE numbers have been assigned:
- CVE-2019-5514 – Vulnerability due to certain unauthenticated APIs accessible through a web socket
- CVE-2019-5515 – Out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters
- CVE-2019-5518 – Out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
- CVE-2019-5519 – Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
- CVE-2019-5524 – Out-of-bounds write vulnerability in the e1000 virtual network adapter
- CVE-2019-5516 – Vertex shader out-of-bounds read vulnerability
- CVE-2019-5517 – Multiple shader translator out-of-bounds read vulnerabilities
- CVE-2019-5520 – Out-of-bounds read vulnerability
The identified vulnerabilities are addressed under the criteria below, along with the affected products.
New Update as of 12/04/2019
Vertex shader out-of-bounds read vulnerability
VMware has recently announced patches for ESXi, Workstation and Fusion for an out-of-bounds vulnerability in the vertex shader functionality, multiple shader translator out-of-bounds read vulnerabilities, and an out-of-bounds read vulnerability. If an attacker has access to a virtual machine with 3D graphics enabled, exploitation may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own virtual machine. The announced mitigation workaround is to disable the 3D acceleration feature. This feature is not enabled by default in ESXi but is enabled in Workstation and Fusion.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5516 to the vertex shader out-of-bounds issue.
The versions and patches below have been released to mitigate the vertex shader out-of-bounds risk
These patches were released to mitigate the multiple shader translator out-of-bounds read vulnerabilities, to which CVE-2019-5517 has been assigned.
These patches have been released to mitigate the out-of-bounds read vulnerability, to which CVE-2019-5520 has been assigned.
The time-of-check time-of-use (TOCTOU) vulnerabilities in the virtual USB 1.1 UHCI (Universal Host Controller Interface) in VMware products were identified by the Fluoroacetate team of Amat Cama and Richard Zhu, working with the Pwn2Own 2019 Security Contest. They executed code on the underlying hypervisor using a specially crafted web page with a virtualized Windows 10 client. These vulnerabilities affect VMware products such as VMware ESXi, Workstation/Player and Fusion/Pro.
Updated on 28/03/2019
VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities
VMware ESXi, Workstation and Fusion have been identified as affected by an out-of-bounds read/write vulnerability and a time-of-check time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). These vulnerabilities allow attackers to execute malicious code on the hypervisor if a virtual machine has an attached USB controller.
The VMware products and versions below are affected, and VMware has released the patches below to mitigate the risk of the vulnerability.
VMware Workstation and Fusion out-of-bounds write vulnerability in e1000 virtual network adapter
VMware Workstation and Fusion versions have been identified as affected by an out-of-bounds write vulnerability in the e1000 virtual network adapter. The issue may allow a guest to execute malicious code on the hypervisor.
CVE-2019-5524 has been assigned as the CVE identifier by the Common Vulnerabilities and Exposures project.
These are the affected products and the patches released to mitigate the risk
VMware Workstation and Fusion out-of-bounds write vulnerability in e1000 and e1000e virtual network adapters
VMware Workstation and Fusion have been identified as affected by the out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of the issue may lead to execution of malicious code on the hypervisor, but it is more likely to result in a denial of service of the guest.
CVE-2019-5515 has been assigned to this vulnerability.
The patches below have been released for the respective products
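As an added example (not from VMware or the original article), the Python code below audits the text of a VM's .vmx file for the three device conditions described above: 3D graphics enabled, a USB controller attached, and an e1000 or e1000e adapter. The key names `mks.enable3d`, `usb.present` and `ethernetN.virtualDev` are assumptions about the .vmx format, the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# .vmx keys assumed here: mks.enable3d, usb.present, ethernetN.virtualDev
# (the page names the devices, not the configuration keys).
LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; comment lines do not match LINE."""
    cfg = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def exposed_devices(text):
    """List (device, CVE ids from the page) pairs present in this VM config."""
    cfg = parse_vmx(text)
    on = lambda k: cfg.get(k, "").lower() == "true"
    hits = []
    if on("mks.enable3d"):
        hits.append(("3D graphics", ["CVE-2019-5516", "CVE-2019-5517", "CVE-2019-5520"]))
    if on("usb.present"):
        hits.append(("USB 1.1 UHCI controller", ["CVE-2019-5518", "CVE-2019-5519"]))
    for key, val in sorted(cfg.items()):
        m = re.fullmatch(r"(ethernet\d+)\.virtualdev", key)
        if not m or not on(m.group(1) + ".present"):
            continue  # not an adapter type key, or the adapter is disabled
        if val.lower() == "e1000":
            hits.append((m.group(1) + " e1000", ["CVE-2019-5515", "CVE-2019-5524"]))
        elif val.lower() == "e1000e":
            hits.append((m.group(1) + " e1000e", ["CVE-2019-5515"]))
    return hits

# Constructed sample configuration, not taken from a real VM.
SAMPLE_VMX = '''\
displayName = "win10-client"
mks.enable3D = "TRUE"
usb.present = "TRUE"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000e"
ethernet1.present = "FALSE"
ethernet1.virtualDev = "e1000"
# ethernet2.virtualDev = "e1000"
'''

if __name__ == "__main__":
    for device, cves in exposed_devices(SAMPLE_VMX):
        print(f"{device}: {', '.join(cves)}")
```

A key that is absent from the file is treated as not set, so the product default applies in that case and should be confirmed in the VM's settings.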
VMware Fusion unauthenticated APIs Security vulnerability
The identifier CVE-2019-5514 has been assigned to this vulnerability, and the versions below have been updated with the details
VMware Product Download Links
Here are the links to the VMware products for upgrading your environments to protect against these vulnerabilities
Updated Versions on 12/04/2019
- ESXi 6.7
- ESXi 6.5
- VMware Workstation 14.1.6, 15.0.3
- VMware Workstation Player 14.1.6, 15.0.3
- VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Updated Versions on 28/03/2019