CVE-2019-5517
First published: Mon Apr 15 2019(Updated: )
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion | >=10.0.0<10.1.6 | |
| VMware Fusion | >=11.0.0<11.0.3 | |
| VMware Workstation and ESXi | >=14.0.0<14.1.6 | |
| VMware Workstation and ESXi | >=15.0.0<15.0.3 | |
| VMware ESXi and Horizon DaaS | =6.5 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201701001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201703001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201703002 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201704001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707101 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707102 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707103 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707201 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707202 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707203 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707204 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707205 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707206 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707207 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707208 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707209 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707210 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707211 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707212 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707213 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707214 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707215 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707216 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707217 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707218 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707219 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707220 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201707221 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201710001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201712001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201803001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201806001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201808001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201810001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201810002 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201811001 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201811002 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201811301 | |
| VMware ESXi and Horizon DaaS | =6.5-650-201901001 | |
| VMware ESXi and Horizon DaaS | =6.7 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201806001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201807001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201808001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810101 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810102 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810103 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810201 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810202 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810203 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810204 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810205 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810206 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810207 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810208 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810209 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810210 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810211 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810212 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810213 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810214 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810215 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810216 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810217 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810218 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810219 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810220 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810221 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810222 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810223 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810224 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810225 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810226 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810227 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810228 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810229 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810230 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810231 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810232 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810233 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201810234 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201811001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201901001 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201901401 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201901402 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201901403 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904201 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904202 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904203 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904204 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904205 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904206 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904207 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904208 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904209 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904210 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904211 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904212 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904213 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904214 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904215 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904216 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904217 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904218 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904219 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904220 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904221 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904222 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904223 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904224 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904225 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904226 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904227 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904228 | |
| VMware ESXi and Horizon DaaS | =6.7-670-201904229 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5517?
CVE-2019-5517 has a moderate severity rating as it allows potential exploitation of the vulnerability in VMware products.
How do I fix CVE-2019-5517?
To fix CVE-2019-5517, update affected VMware products to the latest versions as specified in VMware's security advisory.
Which VMware products are affected by CVE-2019-5517?
CVE-2019-5517 affects VMware ESXi versions 6.5 and 6.7, as well as VMware Workstation and Fusion versions prior to their respective updates.
What types of vulnerabilities does CVE-2019-5517 include?
CVE-2019-5517 includes multiple out-of-bounds read vulnerabilities in the shader translator of the affected VMware products.
What can an attacker achieve by exploiting CVE-2019-5517?
An attacker exploiting CVE-2019-5517 may gain unauthorized access to sensitive information or cause denial of service in affected VMware applications.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware fusion
- version/vmware fusion/10.0.0
- version/vmware fusion/11.0.0
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/14.0.0
- version/vmware workstation and esxi/15.0.0
- canonical/vmware esxi and horizon daas
- version/vmware esxi and horizon daas/6.5
- version/vmware esxi and horizon daas/6.5-650-201701001
- version/vmware esxi and horizon daas/6.5-650-201703001
- version/vmware esxi and horizon daas/6.5-650-201703002
- version/vmware esxi and horizon daas/6.5-650-201704001
- version/vmware esxi and horizon daas/6.5-650-201707101
- version/vmware esxi and horizon daas/6.5-650-201707102
- version/vmware esxi and horizon daas/6.5-650-201707103
- version/vmware esxi and horizon daas/6.5-650-201707201
- version/vmware esxi and horizon daas/6.5-650-201707202
- version/vmware esxi and horizon daas/6.5-650-201707203
- version/vmware esxi and horizon daas/6.5-650-201707204
- version/vmware esxi and horizon daas/6.5-650-201707205
- version/vmware esxi and horizon daas/6.5-650-201707206
- version/vmware esxi and horizon daas/6.5-650-201707207
- version/vmware esxi and horizon daas/6.5-650-201707208
- version/vmware esxi and horizon daas/6.5-650-201707209
- version/vmware esxi and horizon daas/6.5-650-201707210
- version/vmware esxi and horizon daas/6.5-650-201707211
- version/vmware esxi and horizon daas/6.5-650-201707212
- version/vmware esxi and horizon daas/6.5-650-201707213
- version/vmware esxi and horizon daas/6.5-650-201707214
- version/vmware esxi and horizon daas/6.5-650-201707215
- version/vmware esxi and horizon daas/6.5-650-201707216
- version/vmware esxi and horizon daas/6.5-650-201707217
- version/vmware esxi and horizon daas/6.5-650-201707218
- version/vmware esxi and horizon daas/6.5-650-201707219
- version/vmware esxi and horizon daas/6.5-650-201707220
- version/vmware esxi and horizon daas/6.5-650-201707221
- version/vmware esxi and horizon daas/6.5-650-201710001
- version/vmware esxi and horizon daas/6.5-650-201712001
- version/vmware esxi and horizon daas/6.5-650-201803001
- version/vmware esxi and horizon daas/6.5-650-201806001
- version/vmware esxi and horizon daas/6.5-650-201808001
- version/vmware esxi and horizon daas/6.5-650-201810001
- version/vmware esxi and horizon daas/6.5-650-201810002
- version/vmware esxi and horizon daas/6.5-650-201811001
- version/vmware esxi and horizon daas/6.5-650-201811002
- version/vmware esxi and horizon daas/6.5-650-201811301
- version/vmware esxi and horizon daas/6.5-650-201901001
- version/vmware esxi and horizon daas/6.7
- version/vmware esxi and horizon daas/6.7-670-201806001
- version/vmware esxi and horizon daas/6.7-670-201807001
- version/vmware esxi and horizon daas/6.7-670-201808001
- version/vmware esxi and horizon daas/6.7-670-201810001
- version/vmware esxi and horizon daas/6.7-670-201810101
- version/vmware esxi and horizon daas/6.7-670-201810102
- version/vmware esxi and horizon daas/6.7-670-201810103
- version/vmware esxi and horizon daas/6.7-670-201810201
- version/vmware esxi and horizon daas/6.7-670-201810202
- version/vmware esxi and horizon daas/6.7-670-201810203
- version/vmware esxi and horizon daas/6.7-670-201810204
- version/vmware esxi and horizon daas/6.7-670-201810205
- version/vmware esxi and horizon daas/6.7-670-201810206
- version/vmware esxi and horizon daas/6.7-670-201810207
- version/vmware esxi and horizon daas/6.7-670-201810208
- version/vmware esxi and horizon daas/6.7-670-201810209
- version/vmware esxi and horizon daas/6.7-670-201810210
- version/vmware esxi and horizon daas/6.7-670-201810211
- version/vmware esxi and horizon daas/6.7-670-201810212
- version/vmware esxi and horizon daas/6.7-670-201810213
- version/vmware esxi and horizon daas/6.7-670-201810214
- version/vmware esxi and horizon daas/6.7-670-201810215
- version/vmware esxi and horizon daas/6.7-670-201810216
- version/vmware esxi and horizon daas/6.7-670-201810217
- version/vmware esxi and horizon daas/6.7-670-201810218
- version/vmware esxi and horizon daas/6.7-670-201810219
- version/vmware esxi and horizon daas/6.7-670-201810220
- version/vmware esxi and horizon daas/6.7-670-201810221
- version/vmware esxi and horizon daas/6.7-670-201810222
- version/vmware esxi and horizon daas/6.7-670-201810223
- version/vmware esxi and horizon daas/6.7-670-201810224
- version/vmware esxi and horizon daas/6.7-670-201810225
- version/vmware esxi and horizon daas/6.7-670-201810226
- version/vmware esxi and horizon daas/6.7-670-201810227
- version/vmware esxi and horizon daas/6.7-670-201810228
- version/vmware esxi and horizon daas/6.7-670-201810229
- version/vmware esxi and horizon daas/6.7-670-201810230
- version/vmware esxi and horizon daas/6.7-670-201810231
- version/vmware esxi and horizon daas/6.7-670-201810232
- version/vmware esxi and horizon daas/6.7-670-201810233
- version/vmware esxi and horizon daas/6.7-670-201810234
- version/vmware esxi and horizon daas/6.7-670-201811001
- version/vmware esxi and horizon daas/6.7-670-201901001
- version/vmware esxi and horizon daas/6.7-670-201901401
- version/vmware esxi and horizon daas/6.7-670-201901402
- version/vmware esxi and horizon daas/6.7-670-201901403
- version/vmware esxi and horizon daas/6.7-670-201904201
- version/vmware esxi and horizon daas/6.7-670-201904202
- version/vmware esxi and horizon daas/6.7-670-201904203
- version/vmware esxi and horizon daas/6.7-670-201904204
- version/vmware esxi and horizon daas/6.7-670-201904205
- version/vmware esxi and horizon daas/6.7-670-201904206
- version/vmware esxi and horizon daas/6.7-670-201904207
- version/vmware esxi and horizon daas/6.7-670-201904208
- version/vmware esxi and horizon daas/6.7-670-201904209
- version/vmware esxi and horizon daas/6.7-670-201904210
- version/vmware esxi and horizon daas/6.7-670-201904211
- version/vmware esxi and horizon daas/6.7-670-201904212
- version/vmware esxi and horizon daas/6.7-670-201904213
- version/vmware esxi and horizon daas/6.7-670-201904214
- version/vmware esxi and horizon daas/6.7-670-201904215
- version/vmware esxi and horizon daas/6.7-670-201904216
- version/vmware esxi and horizon daas/6.7-670-201904217
- version/vmware esxi and horizon daas/6.7-670-201904218
- version/vmware esxi and horizon daas/6.7-670-201904219
- version/vmware esxi and horizon daas/6.7-670-201904220
- version/vmware esxi and horizon daas/6.7-670-201904221
- version/vmware esxi and horizon daas/6.7-670-201904222
- version/vmware esxi and horizon daas/6.7-670-201904223
- version/vmware esxi and horizon daas/6.7-670-201904224
- version/vmware esxi and horizon daas/6.7-670-201904225
- version/vmware esxi and horizon daas/6.7-670-201904226
- version/vmware esxi and horizon daas/6.7-670-201904227
- version/vmware esxi and horizon daas/6.7-670-201904228
- version/vmware esxi and horizon daas/6.7-670-201904229