SB2020102044 - Multiple vulnerabilities in VMware ESXi
Published: October 20, 2020 Updated: April 19, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-3981)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition due to a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on a guest OS can run a specially crafted program to read memory from the vmx process.
2) Out-of-bounds write (CVE-ID: CVE-2020-3982)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error caused by a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on the guest OS can run a specially crafted program to trigger a heap-based buffer overflow and crash the system or execute arbitrary code on the hypervisor.
3) Use-after-free (CVE-ID: CVE-2020-3992)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the OpenSLP service. A remote attacker can can send specially crafted SLP message to port 427/udp, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Memory leak (CVE-ID: CVE-2020-3995)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the VMCI host driver. A remote attacker can force the application to leak memory and perform denial of service attack.
Remediation
Install update from vendor's website.