Vulnerabilities > CVE-2019-5525 - Use After Free vulnerability in VMWare Workstation

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
vmware
linux
CWE-416
nessus

Summary

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Common Weakness Enumeration (CWE)

Nessus

NASL familyGeneral
NASL idVMWARE_WORKSTATION_VMSA_2019_0009.NASL
descriptionThe version of VMware Workstation installed on the remote Linux host is 15.0.x prior to 15.1.0. It is, therefore, affected by a use after free vulnerability in the Advanced Linux Sounds Architecture Backend. An authenticated, local attacker can exploit this, in conjunction with other issues, to execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id125883
published2019-06-14
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125883
titleVMware Workstation (Linux) 15.0.x < 15.1.0 Use After Free Vulnerability (VMSA-2019-0009)