1. Overview KB Article ID: 75080 Title: Response to VMCI Sock (VSOCK) vulnerabilities (CVE-2019-5541, CVE-2019-5542) Release Date: December 17, 2019 Last Updated: January 7, 2020 (patches refreshed) Severity (VMware rating): Important

KB 75080 addresses a set of vulnerabilities in the Virtual Machine Communication Interface (VMCI) Sock (VSOCK) implementation in VMware ESXi, Workstation, and Fusion. | CVE ID | Description | Impact | |--------|-------------|--------| | CVE-2019-5541 | Out-of-bounds read/write in the VMCI Sock component | Memory corruption → sandbox escape (guest-to-host) | | CVE-2019-5542 | Improper handling of certain VSOCK packets | Denial of service (guest crashes) or potential host crash |