Out-of-bounds read in VMware Workstation and VMware Fusion - CVE-2023-20870

 

Out-of-bounds read in VMware Workstation and VMware Fusion - CVE-2023-20870

Published: April 25, 2023 / Updated: May 2, 2023


Vulnerability identifier: #VU75489
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20870
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Workstation
VMware Fusion

Detailed vulnerability description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the UHCI component in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with administrative access to the guest OS can trigger an out-of-bounds read error and read contents of memory on the host OS.


How to mitigate CVE-2023-20870

Install updates from vendor's website.

Sources