CVE-2016-5329: Infoleak
First published: Thu Dec 29 2016(Updated: )
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion Pro | =8.0.0 | |
| VMware Fusion Pro | =8.0.1 | |
| VMware Fusion Pro | =8.0.2 | |
| VMware Fusion Pro | =8.1.0 | |
| VMware Fusion Pro | =8.1.1 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5329?
CVE-2016-5329 is classified as a medium severity vulnerability.
How do I fix CVE-2016-5329?
To fix CVE-2016-5329, update VMware Fusion to version 8.5 or later.
What does CVE-2016-5329 allow attackers to do?
CVE-2016-5329 allows local users to determine kernel memory addresses and bypass the kASLR protection.
Which versions of VMware Fusion are affected by CVE-2016-5329?
CVE-2016-5329 affects VMware Fusion versions 8.0.0, 8.0.1, 8.0.2, 8.1.0, and 8.1.1.
What is necessary for CVE-2016-5329 to be exploitable?
CVE-2016-5329 is exploitable when System Integrity Protection (SIP) is enabled on OS X.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware fusion pro
- version/vmware fusion pro/8.0.0
- version/vmware fusion pro/8.0.1
- version/vmware fusion pro/8.0.2
- version/vmware fusion pro/8.1.0
- version/vmware fusion pro/8.1.1
- vendor/apple
- canonical/apple ios and macos