CVE-2016-5329
MEDIUMVMware Fusion 8.x - Unauthorized Kernel Memory Address Exposure via kASLR Bypass
Title source: llmDescription
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037103
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0017.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93888
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
14.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (5)
vmware/fusion
8.0.0
vmware/fusion
8.0.1
vmware/fusion
8.0.2
vmware/fusion
8.1.0
vmware/fusion
8.1.1
Published
Dec 29, 2016
Tracked Since
Feb 18, 2026