CVE-2019-5527

CVSS V2 High 7.2 CVSS V3 High 8.8

Description

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Overview

CVE ID
CVE-2019-5527

Assigner
security@vmware.com

Vulnerability Status
Analyzed

Published Version
2019-10-10T17:15:18

Last Modified Date
2022-06-02T19:19:10

Weakness Enumerations

CWE	URL
CWE-416	http://cwe.mitre.org/data/definitions/416.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:a:vmware:horizon::::::linux::*	1	OR		5.2.0
cpe:2.3:a:vmware:horizon::::::macos::*	1	OR		5.2.0
cpe:2.3:a:vmware:horizon::::::windows::*	1	OR		5.2.0
cpe:2.3:a:vmware:remote_console::::::linux::*	1	OR	10.0.0	10.0.5
cpe:2.3:a:vmware:remote_console::::::windows::*	1	OR	10.0.0	10.0.5
cpe:2.3:a:vmware:workstation::::::::	1	OR	15.0.0	15.5.0
		AND
cpe:2.3:a:vmware:fusion::::::::	1	OR	11.0.0	11.5.0
cpe:2.3:o:apple:mac_os_x:-:::::::*	0	OR
		AND
cpe:2.3:o:vmware:esxi:6.0:-::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:1::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:1a::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:1b::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:2::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:3::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:3a::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201504401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201505401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507405::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507406::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201507407::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201509210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201510401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201511401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201601405::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201602401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201603208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201605401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201608405::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201610410::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201611401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201611402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201611403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201702212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201703401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201706403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201710301::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201811001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201811401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201903001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201905001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.0:600-201909001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:-::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:2::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201704001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201710001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201712001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201803001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201806001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201808001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201810001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201810002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811301::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201901001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201903001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:-::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201806001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201807001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201808001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810222::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810223::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810224::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810225::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810226::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810227::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810228::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810229::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810230::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810231::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810232::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810233::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810234::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201811001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201903001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904001::::::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
7.2

Severity
HIGH

Exploitability Score
3.9

Impact Score
10

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
LOW

User Interaction
NONE

Scope
CHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
8.8

Base Severity
HIGH

Exploitability Score
2

Impact Score
6

References

Reference URL	Reference Tags
https://www.vmware.com/security/advisories/VMSA-2019-0014.html	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2019-5527
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5527

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 07:06:31				Added to TrackCVE
2022-12-04 04:12:36	2019-10-10T17:15Z	2019-10-10T17:15:18	CVE Published Date	updated
2022-12-04 04:12:36		2022-06-02T19:19:10	CVE Modified Date	updated
2022-12-04 04:12:36		Analyzed	Vulnerability Status	updated