CERT-In Vulnerability Note
Multiple Vulnerabilities in VMware Products
Original Issue Date: November 25, 2019
Severity Rating: HIGH
- VMware vSphere ESXi versions 6.0, 6.5, 6.7
- VMware Workstation versions 15.x
- VMware Fusion versions 11.x
Multiple vulnerabilities have been reported in VMware products that could be exploited by a remote attacker to cause denial of service (DoS) conditions or execute code on a targeted system.
1. Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service Vulnerability
This vulnerability exists in the Machine Check Error on Page Size Change (MCEPSC) handling of VMware products due to improper handling of objects in memory. A local attacker could exploit this vulnerability by logging on to the target system and executing a specially crafted application.
Successful exploitation of this vulnerability could cause the target system to stop responding, resulting in denial of service conditions.
2. TSX Asynchronous Abort (TAA) Speculative-Execution Vulnerability
This vulnerability exists in VMware Workstation due to a TSX Asynchronous Abort condition on some CPUs that utilize speculative execution. An attacker could exploit this vulnerability by logging on to the target system and executing a specially crafted application.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the affected system.
Apply appropriate fixes as issued by vendor in
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India