Out-of-Bounds Read Vulnerability in VMware Products
CVE-2020-3970

3.8LOW

Key Information:

Vendor
Vmware
Vendor
CVE Published:
25 June 2020

Summary

VMware ESXi, Workstation, and Fusion versions prior to specified updates are affected by an out-of-bounds read vulnerability in the Shader functionality. This flaw may allow a malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled to exploit the vulnerability, potentially leading to the crashing of the vmx process. This results in a partial denial of service condition and can undermine the stability of the virtual machine environment.

Affected Version(s)

Fusion 11.x before 11.5.5

VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839

VMware ESXi 6.7 before ESXi670-202004101-SG

References

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.