VMware patches 5 vulnerabilities in multiple products

VMware has published a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, and Fusion.

Security Advisory VMSA-2019-0020

As part of security advisory VMSA-2019-0020, two (2) moderate severity vulnerabilities have been patched in VMware ESXi, Workstation and Fusion.

The first patch fixes a Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207).

Also, the second patch addresses hypervisor-specific mitigations for TSX Asynchronous Abort (TAA) Denial-of-Service vulnerability (CVE-2018-11135). Each of these have a CVSSv3 base score of 6.5.

Security Advisory VMSA-2019-0021

As part of security advisory VMSA-2019-0021, three (3) moderate severity vulnerabilities have been patched in VMware Workstation, Workstation Pro, Fusion Pro and Fusion products.

The highest rated issue an out-of-bounds write vulnerability in the VMware’s Workstation and Fusion virtual network adapter (CVE-2018-12207). The CVSSv3 base score is rated 8.7.

For the second, Workstation and Fusion products each contain an information disclosure vulnerability in (CVE-2019-5540). The CVSSv3 base score is rated 7.7.

Finally, VMware patched a denial-of-service vulnerability in the RPC handler (CVE-2019-5542). The CVSSv3 base score is rated 5.0.

Close Menu