#VU75489 Out-of-bounds read in VMware Workstation and VMware Fusion - CVE-2023-20870
Published: April 25, 2023 / Updated: May 2, 2023
Vulnerability identifier: #VU75489
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20870
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
VMware Workstation
VMware Fusion
VMware Workstation
VMware Fusion
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the UHCI component in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with administrative access to the guest OS can trigger an out-of-bounds read error and read contents of memory on the host OS.
Remediation
Install updates from vendor's website.