Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2020-3960
8.4 HIGH
Key Information:
- Vendor: VMware
- CVE Published: 15 September 2021
Summary
VMware ESXi, Workstation, and Fusion are impacted by an out-of-bounds read vulnerability associated with the NVMe functionality. This issue allows a local malicious actor with non-administrative access to a virtual machine configured with a virtual NVMe controller to potentially exploit the flaw and access privileged information stored in physical memory. It is crucial for users to be aware of this vulnerability and apply necessary patches to safeguard their systems.
Affected Version(s)
VMware ESXi, Workstation, and Fusion: VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5)
CVSS V3.1
- Score: 8.4
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved