Multiple vulnerabilities in VMware ESXi, Fusion, Workstation and Cloud Foundation
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-3967 CVE-2020-3968 CVE-2020-3970 CVE-2020-3969 CVE-2020-3962 |
| CWE-ID | CWE-122 CWE-787 CWE-125 CWE-193 CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware ESXi Operating systems & Components / Operating system VMware Fusion Client/Desktop applications / Virtualization software VMware Workstation Client/Desktop applications / Virtualization software Cloud Foundation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
Updated: 01.07.2020
Updated description of vulnerabilities and provided links to ZDI.
1) Heap-based buffer overflow
EUVDB-ID: #VU29298
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-3967
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in EHCI controller. A local attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.3
VMware Workstation: 15.0.0 - 15.5.2
Cloud Foundation: 3.0 - 4.0
Fixed software versionsCPE2.3 External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/183922
http://www.zerodayinitiative.com/advisories/ZDI-20-784/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Out-of-bounds write
EUVDB-ID: #VU29297
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-3968
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in xHCI controller. A local attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.3
VMware Workstation: 15.0.0 - 15.5.2
Cloud Foundation: 3.0 - 4.0
Fixed software versionsCPE2.3 External links
http://www.zerodayinitiative.com/advisories/ZDI-20-781/
http://www.vmware.com/security/advisories/VMSA-2020-0015.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Out-of-bounds read
EUVDB-ID: #VU29296
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-3970
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the Shader functionality. A local attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.3
VMware Workstation: 15.0.0 - 15.5.2
Cloud Foundation: 3.0 - 4.0
Fixed software versionsCPE2.3 External links
http://www.vmware.com/security/advisories/VMSA-2020-0015.html
http://www.zerodayinitiative.com/advisories/ZDI-20-782/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Off-by-one
EUVDB-ID: #VU29295
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-3969
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an off-by-one error in SVGA device when processing SVGA3D commands. A local attacker can trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 7.0
VMware Fusion: 11.0.0 - 11.5.3
VMware Workstation: 15.0.0 - 15.5.2
Cloud Foundation: 3.0 - 4.0
Fixed software versionsCPE2.3 External links
http://www.vmware.com/security/advisories/VMSA-2020-0015.html
http://www.zerodayinitiative.com/advisories/ZDI-20-786/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Use-after-free
EUVDB-ID: #VU29294
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-3962
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the SVGA device when processing SVGA DXInvalidateContext command. A local attacker can execute arbitrary code on the hypervisor from a virtual machine.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.3
VMware Workstation: 15.0.0 - 15.5.2
Cloud Foundation: 3.0 - 4.0
Fixed software versionsCPE2.3 External links
http://www.vmware.com/security/advisories/VMSA-2020-0015.html
http://www.zerodayinitiative.com/advisories/ZDI-20-785/
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
