Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
HPE Converged System 700 and HPE Converged System 750 solutions running Virtual Machines (VMs) with Windows must upgrade to VMware Tools version 10.3.10. This VMware Tools for Windows update addresses an out of bounds read vulnerability (CVE-2019-5522) in vm3dmp driver which is installed with VMware tools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Any of the following HPE Converged System 700 or HPE Converged System 750 solutions running with the HPE Software and Firmware Compatibility Matrix recipes listed below: ConvergedSystem Solutions HPE Converged System 700 Virtualization 2.0 VMware Kit HPE Converged System 700x v1.1 VMware Kit HPE Converged System 700x for VMware Solution Kit HPE Converged System 750 3.x for Synergy Foundation Kit Tracking (Q8A78A) HPE Converged System 750 3.x for Synergy and VMware Kit Tracking (Q8A80A) HPE Converged Architecture 750 for Synergy Gen10 with Solution Support Tracking (R0H83A) HPE Software and Firmware Compatibility Matrix Recipes HPE CS700 FMSW Recipe - August 2018 HPE CS700 FMSW Recipe - May 2019 HPE CS750 FMSW Recipe - September 2018 HPE CS750 FMSW Recipe - January 2019 HPE CS750 FMSW Recipe - May 2019
Install VMware Tools 10.3.10 on VMs running Windows on HPE Converged system 700 and 750 solutions with the HPE Software and Firmware Compatibility Matrix recipes listed in the Scope. VMware Tools 10.3.10 is available for download at https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742 . VMware Tools 10.3.10 Release Notes are available in the link below: https://docs.vmware.com/en/VMware-Tools/10.3/rn/vmware-tools-10310-release-notes.html . More details on the vulnerability CVE-2019-5522 are available on https://www.vmware.com/security/advisories/VMSA-2019-0009.html . Note: The links above will take you outside the Hewlett Packard Enterprise web site. HPE does not control and is not responsible for information outside of the HPE web site. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form. NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for HPE systems and Options, refer to the Navigation Tips document . SEARCH TIP : For hints on locating similar documents on HPE.com, refer to the Search Tips Document .