VMware has released a new security advisory VMSA-2019-0019 (VMware ESXi, Workstation, and Fusion updates address a denial-of-service vulnerability).
This advisory documents the remediation of one issue, rated with a severity of moderate. VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VMs.
Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. By default, this functionality is not enabled on ESXi and is enabled on Workstation and Fusion.
The identifier CVE-2019-5536 was assigned to this vulnerability.
Affected products and resolutions:
- ESXi 6.7 – apply patch ESXi670-201908101-SG
- ESXi 6.5 – apply patch ESXi650-201910401-SG
- Workstation 15.x – update to 15.5.0
- Fusion 11.x – update to 11.5.0
The workaround for this issue involves disabling the 3D-acceleration feature.
Disable 3D-acceleration on ESXi
- With Host Client or vCenter, go to the individual VM > Edit Settings > Virtual hardware > Video card.
- If the “3D Graphics” is checked then 3D-acceleration feature is enabled.
Disable 3D-acceleration on Workstation
- Select virtual machine and select VM > Settings.
- On the Hardware tab, select Display.
- If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.
Disable 3D-acceleration on Fusion
- From the VMware Fusion menu bar, select Window > Virtual Machine Library.
- Select a virtual machine and click Settings.
- In the Settings Window > select Display.
- If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.
Recent Comments