Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15.VMware allows users to set up virtual machines and operate various operating systems outside of the ones designed for their machines. This vulnerability exists in VMware guest mode, and could allow an attacker to cause a panic condition in VMware host, leading to a crash.
In accordance with our coordinated disclosure policy, Cisco Talos worked with VMware to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
VMware Workstation 15 shader functionality round_ni denial-of-service vulnerability (TALOS-2019-0957/CVE-2019-3958)
An exploitable denial-of-service vulnerability exists in VMware Workstation, version 15.5.0, build-14665864. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest and the VMware host will be affected, leading to vmware-vmx.exe process crash on the host.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that this vulnerability affects VMware Workstation 15, version 15.5.0, build-14665864, with Windows 10 x64 as guest VM.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules ma ..
Support the originator by clicking the read the rest link below.
