CVE-2019-5525

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Published: Jun 6, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5525
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
vmware / workstation	15.0.0	15.1.0

http://www.securityfocus.com/bid/108674
https://www.vmware.com/security/advisories/VMSA-2019-0009.html

Vulnerability Database

289,782

CVE-2019-5525