3a. VMware Tools for Windows out of bounds read vulnerability - CVE-2019-5522
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10.
3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525
VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
CPE | Name | Operator | Version |
---|---|---|---|
vmware tools | lt | 10.3.10 | |
workstation | lt | 15.1.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5525
docs.vmware.com/en/VMware-Tools/index.html
docs.vmware.com/en/VMware-Workstation-Player/index.html
docs.vmware.com/en/VMware-Workstation-Pro/index.html
my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742
www.vmware.com/go/downloadplayer
www.vmware.com/go/downloadworkstation