Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion

Piotr Bania of Cisco Talos discovered these vulnerabilities.

Executive summary


VMware ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a crash (denial-of-service) of the vmware-vmx.exe process on the host (TALOS-2019-0757).

However, when the host/guest systems are using an NVIDIA graphics card, the VMware denial-of-service can be turned into a code execution vulnerability (leading to a VM escape), because of an additional security issue present in NVIDIA's Windows GPU Display Driver (TALOS-2019-0779).

Moreover, two out-of-bounds write vulnerabilities that could lead to arbitrary code execution have been found in the NVIDIA Windows GPU Display Driver (TALOS-2019-0812, TALOS-2019-0813). These can be triggered by a specially crafted shader file.

In accordance with our coordinated disclosure policy, Cisco Talos worked with NVIDIA and VMware to ensure that these issues are resolved and that updates are available for affected customers.

Vulnerability details


VMware Workstation 15 pixel shader functionality denial of service vulnerability (TALOS-2019-0757/CVE-2019-5521)

An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a vmware-vmx.exe process crash on ..
