Vulnerability Spotlight: Denial of service in VMWare Workstation 15

Piotr Bania of Cisco Talos discovered this vulnerability.

Executive summary

VMware Workstation 15 contains an exploitable denial-of-service vulnerability. Workstation allows users to run multiple operating systems on a Linux or Windows PC. An attacker could trigger this particular vulnerability from VMware guest user mode to cause a denial-of-service condition through an out-of-bounds read. This vulnerability only affects Windows machines.

In accordance with our coordinated disclosure policy, Cisco Talos worked with VMware to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

VMware Workstation 15 vertex shader functionality denial-of-service vulnerability (TALOS-2018-0762/CVE-2019-5516)

An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted vertex shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host, leading to a vmware-vmx.exe process crash on host.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that VMware Workstation 15 (15.0.2 build-10952284) with Windows 10 x64 as guestVM is affected by this vulnerability.

CoverageThe following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 49045, 49046