What is the severity of CVE-2019-5519?

CVE-2019-5519 is rated as a high-severity vulnerability that allows local attackers to escalate privileges.

How do I fix CVE-2019-5519?

To mitigate CVE-2019-5519, it's essential to apply the latest security patches from VMware for affected products.

Which VMware products are affected by CVE-2019-5519?

CVE-2019-5519 impacts VMware Workstation, VMware Fusion, and specific versions of VMware ESXi.

What type of attack can exploit CVE-2019-5519?

CVE-2019-5519 can be exploited through local privilege escalation by executing low-privileged code.

Vulnerability/
CVE-2019-5519

high

7.8

CWE

367

1/4/2019

4/8/2024

21/11/2024

CVE-2019-5519: (Pwn2Own) VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability

Q: Is it necessary to have elevated privileges to exploit CVE-2019-5519?

Yes, an attacker must first gain the ability to execute low-privileged code on the target system to exploit CVE-2019-5519.

First published: Mon Apr 01 2019(Updated: )

This vulnerability allows local attackers to escalate privileges on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of data sent to UHCI endpoints. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.

Credit: security@vmware.com security@vmware.com

Affected Software	Affected Version	How to fix
VMware Workstation
VMware Fusion Pro	>=10.0.0<10.1.6
VMware Fusion Pro	>=11.0.0<11.0.3
VMware Workstation	>=14.0.0<14.1.7
VMware Workstation	>=15.0.0<15.0.4
VMware ESXi	=6.0
VMware ESXi	=6.0-600-201811001
VMware ESXi	=6.0-600-201811401
VMware ESXi	=6.5
VMware ESXi	=6.5-650-201707101
VMware ESXi	=6.5-650-201707102
VMware ESXi	=6.5-650-201707103
VMware ESXi	=6.5-650-201707201
VMware ESXi	=6.5-650-201707202
VMware ESXi	=6.5-650-201707203
VMware ESXi	=6.5-650-201707204
VMware ESXi	=6.5-650-201707205
VMware ESXi	=6.5-650-201707206
VMware ESXi	=6.5-650-201707207
VMware ESXi	=6.5-650-201707208
VMware ESXi	=6.5-650-201707209
VMware ESXi	=6.5-650-201707210
VMware ESXi	=6.5-650-201707211
VMware ESXi	=6.5-650-201707212
VMware ESXi	=6.5-650-201707213
VMware ESXi	=6.5-650-201707214
VMware ESXi	=6.5-650-201707215
VMware ESXi	=6.5-650-201707216
VMware ESXi	=6.5-650-201707217
VMware ESXi	=6.5-650-201707218
VMware ESXi	=6.5-650-201707219
VMware ESXi	=6.5-650-201707220
VMware ESXi	=6.5-650-201707221
VMware ESXi	=6.5-650-201811001
VMware ESXi	=6.5-650-201811301
VMware ESXi	=6.7
VMware ESXi	=6.7-670-201810101
VMware ESXi	=6.7-670-201810102
VMware ESXi	=6.7-670-201810103
VMware ESXi	=6.7-670-201810201
VMware ESXi	=6.7-670-201810202
VMware ESXi	=6.7-670-201810203
VMware ESXi	=6.7-670-201810204
VMware ESXi	=6.7-670-201810205
VMware ESXi	=6.7-670-201810206
VMware ESXi	=6.7-670-201810207
VMware ESXi	=6.7-670-201810208
VMware ESXi	=6.7-670-201810209
VMware ESXi	=6.7-670-201810210
VMware ESXi	=6.7-670-201810211
VMware ESXi	=6.7-670-201810212
VMware ESXi	=6.7-670-201810213
VMware ESXi	=6.7-670-201810214
VMware ESXi	=6.7-670-201810215
VMware ESXi	=6.7-670-201810216
VMware ESXi	=6.7-670-201810217
VMware ESXi	=6.7-670-201810218
VMware ESXi	=6.7-670-201810219
VMware ESXi	=6.7-670-201810220
VMware ESXi	=6.7-670-201810221
VMware ESXi	=6.7-670-201810222
VMware ESXi	=6.7-670-201810223
VMware ESXi	=6.7-670-201810224
VMware ESXi	=6.7-670-201810225
VMware ESXi	=6.7-670-201810226
VMware ESXi	=6.7-670-201810227
VMware ESXi	=6.7-670-201810228
VMware ESXi	=6.7-670-201810229
VMware ESXi	=6.7-670-201810230
VMware ESXi	=6.7-670-201810231
VMware ESXi	=6.7-670-201810232
VMware ESXi	=6.7-670-201810233
VMware ESXi	=6.7-670-201810234
VMware ESXi	=6.7-670-201901401
VMware ESXi	=6.7-670-201901402
VMware ESXi	=6.7-670-201901403

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-5519?
CVE-2019-5519 is rated as a high-severity vulnerability that allows local attackers to escalate privileges.
How do I fix CVE-2019-5519?
To mitigate CVE-2019-5519, it's essential to apply the latest security patches from VMware for affected products.
Which VMware products are affected by CVE-2019-5519?
CVE-2019-5519 impacts VMware Workstation, VMware Fusion, and specific versions of VMware ESXi.
What type of attack can exploit CVE-2019-5519?
CVE-2019-5519 can be exploited through local privilege escalation by executing low-privileged code.
Is it necessary to have elevated privileges to exploit CVE-2019-5519?
Yes, an attacker must first gain the ability to execute low-privileged code on the target system to exploit CVE-2019-5519.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/title
agent/weakness
agent/description
agent/first-publish-date
collector/zdi-advisory
source/ZDI
alias/ZDI-19-420
alias/ZDI-CAN-8364
alias/CVE-2019-5519
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/softwarecombine
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/vmware
canonical/vmware workstation
canonical/vmware fusion pro
version/vmware fusion pro/10.0.0
version/vmware fusion pro/11.0.0
version/vmware workstation/14.0.0
version/vmware workstation/15.0.0
canonical/vmware esxi
version/vmware esxi/6.0
version/vmware esxi/6.0-600-201811001
version/vmware esxi/6.0-600-201811401
version/vmware esxi/6.5
version/vmware esxi/6.5-650-201707101
version/vmware esxi/6.5-650-201707102
version/vmware esxi/6.5-650-201707103
version/vmware esxi/6.5-650-201707201
version/vmware esxi/6.5-650-201707202
version/vmware esxi/6.5-650-201707203
version/vmware esxi/6.5-650-201707204
version/vmware esxi/6.5-650-201707205
version/vmware esxi/6.5-650-201707206
version/vmware esxi/6.5-650-201707207
version/vmware esxi/6.5-650-201707208
version/vmware esxi/6.5-650-201707209
version/vmware esxi/6.5-650-201707210
version/vmware esxi/6.5-650-201707211
version/vmware esxi/6.5-650-201707212
version/vmware esxi/6.5-650-201707213
version/vmware esxi/6.5-650-201707214
version/vmware esxi/6.5-650-201707215
version/vmware esxi/6.5-650-201707216
version/vmware esxi/6.5-650-201707217
version/vmware esxi/6.5-650-201707218
version/vmware esxi/6.5-650-201707219
version/vmware esxi/6.5-650-201707220
version/vmware esxi/6.5-650-201707221
version/vmware esxi/6.5-650-201811001
version/vmware esxi/6.5-650-201811301
version/vmware esxi/6.7
version/vmware esxi/6.7-670-201810101
version/vmware esxi/6.7-670-201810102
version/vmware esxi/6.7-670-201810103
version/vmware esxi/6.7-670-201810201
version/vmware esxi/6.7-670-201810202
version/vmware esxi/6.7-670-201810203
version/vmware esxi/6.7-670-201810204
version/vmware esxi/6.7-670-201810205
version/vmware esxi/6.7-670-201810206
version/vmware esxi/6.7-670-201810207
version/vmware esxi/6.7-670-201810208
version/vmware esxi/6.7-670-201810209
version/vmware esxi/6.7-670-201810210
version/vmware esxi/6.7-670-201810211
version/vmware esxi/6.7-670-201810212
version/vmware esxi/6.7-670-201810213
version/vmware esxi/6.7-670-201810214
version/vmware esxi/6.7-670-201810215
version/vmware esxi/6.7-670-201810216
version/vmware esxi/6.7-670-201810217
version/vmware esxi/6.7-670-201810218
version/vmware esxi/6.7-670-201810219
version/vmware esxi/6.7-670-201810220
version/vmware esxi/6.7-670-201810221
version/vmware esxi/6.7-670-201810222
version/vmware esxi/6.7-670-201810223
version/vmware esxi/6.7-670-201810224
version/vmware esxi/6.7-670-201810225
version/vmware esxi/6.7-670-201810226
version/vmware esxi/6.7-670-201810227
version/vmware esxi/6.7-670-201810228
version/vmware esxi/6.7-670-201810229
version/vmware esxi/6.7-670-201810230
version/vmware esxi/6.7-670-201810231
version/vmware esxi/6.7-670-201810232
version/vmware esxi/6.7-670-201810233
version/vmware esxi/6.7-670-201810234
version/vmware esxi/6.7-670-201901401
version/vmware esxi/6.7-670-201901402
version/vmware esxi/6.7-670-201901403

CVE-2019-5519: (Pwn2Own) VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-5519?

How do I fix CVE-2019-5519?

Which VMware products are affected by CVE-2019-5519?

What type of attack can exploit CVE-2019-5519?

Is it necessary to have elevated privileges to exploit CVE-2019-5519?

Company

Resources

Contact