Vulnerabilities > CVE-2019-5525 - Use After Free vulnerability in VMWare Workstation

CVSS 8.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

vmware

CWE-416

nessus

NVD

Published: 2019-06-06

Updated: 2019-06-10

Summary

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation 15.0.0 Vmware Workstation 15.0.1 Vmware Workstation 15.0.2 Vmware Workstation 15.0.3 Vmware Workstation 15.0.4	10
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	General
NASL id	VMWARE_WORKSTATION_VMSA_2019_0009.NASL
description	The version of VMware Workstation installed on the remote Linux host is 15.0.x prior to 15.1.0. It is, therefore, affected by a use after free vulnerability in the Advanced Linux Sounds Architecture Backend. An authenticated, local attacker can exploit this, in conjunction with other issues, to execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	125883
published	2019-06-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125883
title	VMware Workstation (Linux) 15.0.x < 15.1.0 Use After Free Vulnerability (VMSA-2019-0009)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References