Out-of-Bounds Read Vulnerability in VMware Products
CVE-2020-3970
3.8LOW
Summary
VMware ESXi, Workstation, and Fusion versions prior to specified updates are affected by an out-of-bounds read vulnerability in the Shader functionality. This flaw may allow a malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled to exploit the vulnerability, potentially leading to the crashing of the vmx process. This results in a partial denial of service condition and can undermine the stability of the virtual machine environment.
Affected Version(s)
Fusion 11.x before 11.5.5
VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839
VMware ESXi 6.7 before ESXi670-202004101-SG
References
CVSS V3.1
Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved