Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2020-3982
7.7 HIGH
Key Information:
- Vendor: VMware
- CVE Published: 20 October 2020
Summary
VMware ESXi, Workstation, and Fusion contain an out-of-bounds write vulnerability caused by a time-of-check to time-of-use (TOCTOU) issue in ACPI device handling. An attacker with administrative access to a compromised virtual machine may be able to exploit this flaw to crash the virtual machine's vmx process or corrupt the hypervisor's memory heap. Proper patching is essential to mitigate this risk.
Affected Version(s)
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)
CVSS V3.1
- Score: 7.7
- Severity: HIGH
- Confidentiality: None
- Integrity: High
- Availability: None
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved