
====================================================================

                             CERT-Renater

                 Information Note No. 2019/VULN335

_____________________________________________________________________

DATE                : 25/10/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware ESXi versions 6,
                        VMware Workstation versions 15.x,
                        VMware Fusion versions 11.x.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2019-0019.html
_____________________________________________________________________

VMware Security Advisories

+-----------+-----------------------------------------------------------------+
|Advisory ID|VMSA-2019-0019                                                   |
+-----------+-----------------------------------------------------------------+
|Advisory   |Moderate                                                         |
|Severity   |                                                                 |
+-----------+-----------------------------------------------------------------+
|CVSSv3     |6.3                                                              |
|Range      |                                                                 |
+-----------+-----------------------------------------------------------------+
|Synopsis   |VMware ESXi, Workstation and Fusion updates address a            |
|           |denial-of-service vulnerability (CVE-2019-5536)                  |
+-----------+-----------------------------------------------------------------+
|Issue Date |2019-10-24                                                       |
+-----------+-----------------------------------------------------------------+
|Updated On |2019-10-24 (Initial Advisory)                                    |
+-----------+-----------------------------------------------------------------+
|CVE(s)     |CVE-2019-5536                                                    |
+-----------+-----------------------------------------------------------------+


1. Impacted Products

  o VMware vSphere ESXi (ESXi)
  o VMware Workstation Pro / Player (Workstation)
  o VMware Fusion Pro / Fusion (Fusion)


2. Introduction

VMware ESXi, Workstation and Fusion contain a denial-of-service
vulnerability. Patches and workarounds are available to remediate
this vulnerability in affected VMware products.


3. VMware ESXi, Workstation and Fusion shader denial-of-service
vulnerability (CVE-2019-5536)

Description:
VMware ESXi, Workstation and Fusion contain a denial-of-service
vulnerability in the shader functionality. VMware has evaluated
the severity of this issue to be in the Moderate severity range
with a maximum CVSSv3 base score of 6.3.


Known Attack Vectors:
Successful exploitation of this issue may allow attackers with
normal user privileges to create a denial-of-service condition
on their own VM.


Resolution:
To remediate CVE-2019-5536, apply the patches listed in the
'Fixed Version' column of the 'Resolution Matrix' found below.


Workarounds:
The workaround for this issue involves disabling the
3D-acceleration feature.
Please see the 'Workarounds' column of the 'Resolution Matrix'
found below.


Additional Documentation:
None.


Notes:
Exploitation of this issue requires an attacker to have access
to a virtual machine with 3D graphics enabled. 3D graphics is not
enabled by default on ESXi but is enabled by default on Workstation
and Fusion.
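The workaround above is to disable 3D acceleration, and the note just given says the feature is on by default on Workstation and Fusion, so the practical first step on a fleet is finding which VMs still have it enabled. The POSIX shell script below is an added example and is not part of the VMware or CERT-Renater advisory. It assumes the VMX key `mks.enable3d` is the setting behind 3D acceleration (it is the standard VMX key for that option); the function names and the sample datastore it builds under a temporary directory are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not part of the VMware/CERT-Renater advisory: find VMs that
# still have 3D acceleration enabled, i.e. VMs to which the advisory's
# workaround has not yet been applied. Assumes the VMX key "mks.enable3d"
# (the standard VMX key behind "Accelerate 3D graphics") holds that setting.
# Function names and the sample datastore below are constructed for this demo.

# Report the 3D state recorded in one .vmx file: enabled | disabled | not set
vmx_3d_state() {
    vmx="$1"
    # VMX entries look like:  mks.enable3d = "TRUE"   (last occurrence wins)
    val=$(sed -n 's/^[[:space:]]*mks\.enable3d[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$vmx" | tail -n 1)
    if [ -z "$val" ]; then
        echo "not set"          # key absent: the product default applies
    elif [ "$(printf '%s' "$val" | tr '[:lower:]' '[:upper:]')" = "TRUE" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Walk a datastore (or any directory of VM folders) and print one line per VM.
# Returns 0 when no VM has 3D enabled, 1 otherwise, so it can gate a compliance job.
# Paths are assumed to contain no whitespace (plain for-loop over find output).
audit_3d() {
    root="$1"
    found=0
    for vmx in $(find "$root" -name '*.vmx' 2>/dev/null | sort); do
        state=$(vmx_3d_state "$vmx")
        echo "$vmx: 3D $state"
        if [ "$state" = "enabled" ]; then
            found=1
        fi
    done
    return $found
}

# Constructed sample datastore: one VM with 3D on, one off, one using the default.
# Prints the temporary directory path; remove it when done.
make_sample_datastore() {
    d=$(mktemp -d)
    mkdir -p "$d/vm-a" "$d/vm-b" "$d/vm-c"
    printf '.encoding = "UTF-8"\ndisplayName = "vm-a"\nmks.enable3d = "TRUE"\n' > "$d/vm-a/vm-a.vmx"
    printf 'displayName = "vm-b"\nmks.enable3d = "FALSE"\n' > "$d/vm-b/vm-b.vmx"
    printf 'displayName = "vm-c"\n' > "$d/vm-c/vm-c.vmx"
    echo "$d"
}

# Stand-alone run on the constructed sample; point audit_3d at a real
# datastore path (on ESXi, a directory under /vmfs/volumes) for an actual check.
sample=$(make_sample_datastore)
audit_3d "$sample" || echo "WARNING: at least one VM still has 3D acceleration enabled"
rm -rf "$sample"
```

Treat a "not set" result according to the product defaults the note above gives: on ESXi it means 3D is off, on Workstation and Fusion it means the feature is on and the VM still needs the workaround or the fixed version. The non-zero return value of `audit_3d` makes the script usable as a scheduled compliance check until the patches in the Response Matrix have been rolled out.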


Acknowledgements:
VMware would like to thank Piotr Bania of Cisco Talos for reporting
this issue to us.


Response Matrix:

+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|Product    |Version|Running|CVE          |CVSSV3|Severity|Fixed Version       |Workarounds       |Additional|
|           |       |On     |Identifier   |      |        |                    |                  |Documents |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|ESXi       |6.7    |Any    |CVE-2019-5522|6.3   |Moderate|ESXi670-201908101-SG|see VMSA-2018-0025|None      |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|ESXi       |6.5    |Any    |CVE-2019-5536|6.3   |Moderate|ESXi650-201910401-SG|see VMSA-2018-0025|None      |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|ESXi       |6.0    |Any    |CVE-2019-5536|N/A   |N/A     |Not affected        |N/A               |N/A       |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|Workstation|15.x   |Any    |CVE-2019-5536|6.3   |Moderate|15.5.0              |see VMSA-2018-0025|None      |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+
|Fusion     |11.x   |OS X   |CVE-2019-5536|6.3   |Moderate|11.5.0              |see VMSA-2018-0025|None      |
+-----------+-------+-------+-------------+------+--------+--------------------+------------------+----------+


4. References

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5536

FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H


Fixed Version(s) and Release Notes:

VMware ESXi 6.7 U3

Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=742&downloadGroup=ESXI67U3
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u3-release-notes.html


VMware ESXi 6.5 EP16

Downloads and Documentation:
https://my.vmware.com/group/vmware/patch#search


VMware Workstation Pro 15.5.0

Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html


VMware Workstation Player 15.5.0

Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html


VMware Fusion 11.5.0

Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html


5. Change log

2019-10-24: VMSA-2019-0019

Initial security advisory in conjunction with the release of
ESXi 6.5 patch on 2019-10-24.


6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
  security-announce@lists.vmware.com
  bugtraq@securityfocus.com
  fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC


Copyright 2019 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
