CVE-2019-5522
First published: Thu Jun 06 2019(Updated: )
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Tools | >=10.0.0<10.3.10 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5522?
CVE-2019-5522 is an out of bounds read vulnerability in the vm3dmp driver of VMware Tools for Windows.
How does CVE-2019-5522 affect VMware Tools for Windows?
CVE-2019-5522 affects versions 10.2.x and 10.3.x of VMware Tools for Windows prior to 10.3.10.
Is Microsoft Windows affected by CVE-2019-5522?
No, Microsoft Windows is not affected by CVE-2019-5522.
What is the severity of CVE-2019-5522?
CVE-2019-5522 has a severity rating of 7.1 (high).
How do I fix CVE-2019-5522?
To fix CVE-2019-5522, update VMware Tools for Windows to version 10.3.10 or later.
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware tools
- version/vmware tools/10.0.0
- vendor/microsoft
- canonical/microsoft windows