Severity
Medium
Analysis Summary
1) An error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to cause an out-of-bounds memory access.
2) A race condition error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1 and #2 may allow execution of code on the host, but requires a virtual machine with a virtual USB controller present.
Impact
Security Bypass
Affected Vendors
VMware
Affected Products
VMware Workstation Player 14.x
VMware ESXi 6.x
Remediation
Apply patch or update to a fixed version.
VMware ESXi version 6.0:
Apply ESXi600-201903001.
VMware ESXi version 6.5:
Apply ESXi650-201903001.
VMware ESXi version 6.7:
Apply ESXi670-201903001.
VMware Workstation Player:
Update to version 14.1.7.
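Because exploitation requires a virtual machine with a virtual USB controller present, an inventory of VM configurations helps decide which hosts to patch first. The following is an added example, not part of the original advisory: it parses .vmx text and lists the enabled USB controllers. The key names usb.present, ehci.present and usb_xhci.present are assumptions about VMX naming, and the sample configurations are constructed.

```python
import re

# VMX keys assumed to enable a virtual USB controller (not taken from the advisory).
USB_KEYS = {
    "usb.present": "UHCI (USB 1.1)",
    "ehci.present": "EHCI (USB 2.0)",
    "usb_xhci.present": "xHCI (USB 3.x)",
}
_ASSIGN = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lower-cased key: value} from .vmx text; the last assignment wins."""
    cfg = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # skip commented-out settings
            continue
        m = _ASSIGN.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def usb_controllers(text):
    """List the virtual USB controllers enabled in one VM configuration."""
    cfg = parse_vmx(text)
    return [label for key, label in USB_KEYS.items()
            if cfg.get(key, "").strip().lower() == "true"]

def uhci_present(text):
    """True when the USB 1.1 UHCI controller named in the advisory is enabled."""
    return "UHCI (USB 1.1)" in usb_controllers(text)

def triage(configs):
    """Map VM file name -> enabled controllers, keeping only VMs that have any."""
    found = {name: usb_controllers(text) for name, text in configs.items()}
    return {name: ctrls for name, ctrls in found.items() if ctrls}

# Constructed sample .vmx contents for two hypothetical VMs.
SAMPLES = {
    "web01.vmx": '.encoding = "UTF-8"\ndisplayName = "web01"\n'
                 'usb.present = "TRUE"\nehci.present = "TRUE"\n',
    "db01.vmx": 'displayName = "db01"\n# usb.present = "TRUE"\n'
                'usb.present = "FALSE"\n',
}

if __name__ == "__main__":
    for name, ctrls in triage(SAMPLES).items():
        print(f"{name}: {', '.join(ctrls)}")
```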