Interested in this vulnerability CVE-2019-5541?

Preface: As far as I know, VMware announced CVE-2019-5541 on April 2019. But the security update just released two days ago. Perhaps this products not in profitable area. But the flaw awaken quite a lot of people to concerning the weakness in virtual machine design.

Background: VMware Workstation is for Windows/Linux while Fusion is for Intel Based Apple Computers only running Mac OS X 10.4.9 and later.

Type 1 hypervisors are commonly considered bare metal hypervisors, in that the hypervisor code itself runs directly on top of your hardware.
VMware Workstation is an example of a type 2 hypervisor. You can install it on top of an existing instance of Windows (and a number of Linux distributions).

Vulnerability details: VMware workstation and Fusion versions identified as victims to out-of-bounds write vulnerability in the e1000 virtual network adapter. The affected guest may allow to execute a malicious code on the hypervisor.

Supplement: The idea of heap buffer overflow is generally to achieve out-of-bounds write. According to the data of write, there are more specific subdivisions. For more details, please refer to attached diagram.

Official announcement – https://www.vmware.com/security/advisories/VMSA-2019-0021.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.