CVE-2019-5525: Use After Free
First published: Thu Jun 06 2019(Updated: )
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation | >=15.0.0<15.1.0 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-5525?
The severity of CVE-2019-5525 is high, with a severity value of 8.8.
How does CVE-2019-5525 affect VMware Workstation?
CVE-2019-5525 affects VMware Workstation versions 15.x before 15.1.0, exposing a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend.
Can a malicious user execute code on the Linux host with this vulnerability?
Yes, a malicious user with normal user privileges on the guest machine may exploit CVE-2019-5525 in conjunction with other issues to execute code on the Linux host where VMware Workstation is installed.
Is Linux Linux kernel affected by CVE-2019-5525?
No, Linux Linux kernel is not affected by CVE-2019-5525.
How can I mitigate the vulnerability in VMware Workstation?
To mitigate the vulnerability, users should update their VMware Workstation to version 15.1.0 or later.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- vendor/vmware
- canonical/vmware workstation
- version/vmware workstation/15.0.0
- vendor/linux
- canonical/linux linux kernel