VMware Workstation Use-After-Free Arbitrary Code Execution Vulnerability

By GIXnews

A vulnerability in VMware Workstation could allow an authenticated, remote attacker to execute arbitrary code on a targeted Linux host system.

The vulnerability is due to a use-after-free condition that exists in the Advanced Linux Sound Architecture (ALSA) backend of the affected software. An attacker on a guest system could exploit this vulnerability by sending a request that submits malicious input to the targeted host system. A successful exploit could allow the attacker to execute arbitrary code on the host system.

VMware has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-5525

Source:: Cisco Multivendor Vulnerability Alerts