SB2020062520 - Multiple vulnerabilities in VMware ESXi, Fusion, Workstation and Cloud Foundation

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020062520

SB2020062520 - Multiple vulnerabilities in VMware ESXi, Fusion, Workstation and Cloud Foundation

Published: June 25, 2020 Updated: July 1, 2020

Security Bulletin ID SB2020062520
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2020-3967)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error in EHCI controller. A local attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Out-of-bounds write (CVE-ID: CVE-2020-3968)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in xHCI controller. A local attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


3) Out-of-bounds read (CVE-ID: CVE-2020-3970)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Shader functionality. A local attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.


4) Off-by-one (CVE-ID: CVE-2020-3969)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error in SVGA device when processing SVGA3D commands. A local attacker can trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Use-after-free (CVE-ID: CVE-2020-3962)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the SVGA device when processing SVGA DXInvalidateContext command. A local attacker can execute arbitrary code on the hypervisor from a virtual machine.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Remediation

Install update from vendor's website.

References