Description
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93886
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0017.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037102
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
14.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-254
Status
published
Products (23)
vmware/tools
10.0.0
vmware/tools
10.0.5
vmware/tools
10.0.6
vmware/tools
9.0.0
vmware/tools
9.0.1
vmware/tools
9.0.5
vmware/tools
9.0.10
vmware/tools
9.0.11
vmware/tools
9.0.12
vmware/tools
9.0.13
... and 13 more
Published
Dec 29, 2016
Tracked Since
Feb 18, 2026