Lucene search

[email protected]CVE-2019-5536

HistoryOct 28, 2019 - 4:15 p.m.

CVE-2019-5536

2019-10-2816:15:14

[email protected]

web.nvd.nist.gov

cve-2019-5536

vmware

esxi

workstation

fusion

denial-of-service

vulnerability

shader

3d graphics

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Affected configurations

NVD

Node

vmwarefusionRange11.0.0–11.5.0

vmwareworkstationRange15.0.0–15.5.0

Node

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201701001

vmwareesxiMatch6.5650-201703001

vmwareesxiMatch6.5650-201703002

vmwareesxiMatch6.5650-201704001

vmwareesxiMatch6.5650-201707101

vmwareesxiMatch6.5650-201707102

vmwareesxiMatch6.5650-201707103

vmwareesxiMatch6.5650-201707201

vmwareesxiMatch6.5650-201707202

vmwareesxiMatch6.5650-201707203

vmwareesxiMatch6.5650-201707204

vmwareesxiMatch6.5650-201707205

vmwareesxiMatch6.5650-201707206

vmwareesxiMatch6.5650-201707207

vmwareesxiMatch6.5650-201707208

vmwareesxiMatch6.5650-201707209

vmwareesxiMatch6.5650-201707210

vmwareesxiMatch6.5650-201707211

vmwareesxiMatch6.5650-201707212

vmwareesxiMatch6.5650-201707213

vmwareesxiMatch6.5650-201707214

vmwareesxiMatch6.5650-201707215

vmwareesxiMatch6.5650-201707216

vmwareesxiMatch6.5650-201707217

vmwareesxiMatch6.5650-201707218

vmwareesxiMatch6.5650-201707219

vmwareesxiMatch6.5650-201707220

vmwareesxiMatch6.5650-201707221

vmwareesxiMatch6.5650-201710001

vmwareesxiMatch6.5650-201712001

vmwareesxiMatch6.5650-201803001

vmwareesxiMatch6.5650-201806001

vmwareesxiMatch6.5650-201808001

vmwareesxiMatch6.5650-201810001

vmwareesxiMatch6.5650-201810002

vmwareesxiMatch6.5650-201811001

vmwareesxiMatch6.5650-201811002

vmwareesxiMatch6.5650-201811301

vmwareesxiMatch6.5650-201901001

vmwareesxiMatch6.5650-201903001

vmwareesxiMatch6.5650-201905001

vmwareesxiMatch6.5650-201908001

vmwareesxiMatch6.5650-201910001

vmwareesxiMatch6.5650-20191004001

vmwareesxiMatch6.7-

vmwareesxiMatch6.7670-201806001

vmwareesxiMatch6.7670-201807001

vmwareesxiMatch6.7670-201808001

vmwareesxiMatch6.7670-201810001

vmwareesxiMatch6.7670-201810101

vmwareesxiMatch6.7670-201810102

vmwareesxiMatch6.7670-201810103

vmwareesxiMatch6.7670-201810201

vmwareesxiMatch6.7670-201810202

vmwareesxiMatch6.7670-201810203

vmwareesxiMatch6.7670-201810204

vmwareesxiMatch6.7670-201810205

vmwareesxiMatch6.7670-201810206

vmwareesxiMatch6.7670-201810207

vmwareesxiMatch6.7670-201810208

vmwareesxiMatch6.7670-201810209

vmwareesxiMatch6.7670-201810210

vmwareesxiMatch6.7670-201810211

vmwareesxiMatch6.7670-201810212

vmwareesxiMatch6.7670-201810213

vmwareesxiMatch6.7670-201810214

vmwareesxiMatch6.7670-201810215

vmwareesxiMatch6.7670-201810216

vmwareesxiMatch6.7670-201810217

vmwareesxiMatch6.7670-201810218

vmwareesxiMatch6.7670-201810219

vmwareesxiMatch6.7670-201810220

vmwareesxiMatch6.7670-201810221

vmwareesxiMatch6.7670-201810222

vmwareesxiMatch6.7670-201810223

vmwareesxiMatch6.7670-201810224

vmwareesxiMatch6.7670-201810225

vmwareesxiMatch6.7670-201810226

vmwareesxiMatch6.7670-201810227

vmwareesxiMatch6.7670-201810228

vmwareesxiMatch6.7670-201810229

vmwareesxiMatch6.7670-201810230

vmwareesxiMatch6.7670-201810231

vmwareesxiMatch6.7670-201810232

vmwareesxiMatch6.7670-201810233

vmwareesxiMatch6.7670-201810234

vmwareesxiMatch6.7670-201811001

vmwareesxiMatch6.7670-201901001

vmwareesxiMatch6.7670-201901401

vmwareesxiMatch6.7670-201901402

vmwareesxiMatch6.7670-201901403

vmwareesxiMatch6.7670-201903001

vmwareesxiMatch6.7670-201904001

vmwareesxiMatch6.7670-201904201

vmwareesxiMatch6.7670-201904202

vmwareesxiMatch6.7670-201904203

vmwareesxiMatch6.7670-201904204

vmwareesxiMatch6.7670-201904205

vmwareesxiMatch6.7670-201904206

vmwareesxiMatch6.7670-201904207

vmwareesxiMatch6.7670-201904208

vmwareesxiMatch6.7670-201904209

vmwareesxiMatch6.7670-201904210

vmwareesxiMatch6.7670-201904211

vmwareesxiMatch6.7670-201904212

vmwareesxiMatch6.7670-201904213

vmwareesxiMatch6.7670-201904214

vmwareesxiMatch6.7670-201904215

vmwareesxiMatch6.7670-201904216

vmwareesxiMatch6.7670-201904217

vmwareesxiMatch6.7670-201904218

vmwareesxiMatch6.7670-201904219

vmwareesxiMatch6.7670-201904220

vmwareesxiMatch6.7670-201904221

vmwareesxiMatch6.7670-201904222

vmwareesxiMatch6.7670-201904223

vmwareesxiMatch6.7670-201904224

vmwareesxiMatch6.7670-201904225

vmwareesxiMatch6.7670-201904226

vmwareesxiMatch6.7670-201904227

vmwareesxiMatch6.7670-201904228

vmwareesxiMatch6.7670-201904229

vmwareesxiMatch6.7670-201905001

vmwareesxiMatch6.7670-201906002

CPENameOperatorVersion
vmware:fusionvmware fusionlt11.5.0
vmware:workstationvmware workstationlt15.5.0

CPE	Name	Operator	Version
vmware:fusion	vmware fusion	lt	11.5.0
vmware:workstation	vmware workstation	lt	15.5.0

CNA Affected

[
  {
    "product": "VMware ESXi, Workstation and Fusion",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0)"
      }
    ]
  }
]