VMware announced on Thursday that it has patched two high-severity vulnerabilities in its Tools and Workstation software.
The first security hole, CVE-2019-5522, impacts VMware Tools 10.x on Windows and it has been described as an out-of-bounds read issue in the vm3dmp driver, which is installed in Windows guest machines.
“A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine,” VMware said in its advisory.
The flaw, reported to VMware by researchers ChenNan and RanchoIce of Tencent ZhanluLab, has been patched with the release of version 10.3.10. Workarounds are not available.
The second vulnerability, CVE-2019-5525, is a use-after-free bug affecting the Advanced Linux Sound Architecture (ALSA) backend in Workstation 15.x. VMware says the weakness could allow an attacker with normal user privileges on the guest machine to execute arbitrary code on the Linux host on which Workstation is installed. However, code execution can only be achieved if this flaw is combined with another vulnerability.
VMware Workstation 15.1.0 for Linux fixes the vulnerability. Brice L’helgouarc’h of Amossys has been credited for reporting the flaw to the vendor.
The vulnerabilities are “high severity” based on their CVSS score and VMware has rated them “important.”