Memory Leak Vulnerability in VMware Hypervisors and Workstation
CVE-2020-3995

5.3MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Esxi, Workstation, Fusion
Vendor: CVE Published:; 20 October 2020

Summary

VMware has identified a memory leak vulnerability within the VMCI host drivers used by its hypervisors, including ESXi and Workstation. This vulnerability allows a malicious actor with access to a virtual machine to induce a memory leak, which over time can lead to memory resource exhaustion on the hypervisor. If exploited, this issue could affect the performance and stability of the virtualization environment, causing a denial of service. It is essential for administrators to apply the latest patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

VMware ESXi, Workstation, Fusion VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0)

References

https://www.vmware.com/security/advisories/VMSA-2020-0023...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2020
Vulnerability Reserved
Dec 30, 2019