Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion
CVE-2023-20870

6 MEDIUM

Key Information:

Vendor: VMware
CVE Published: 25 April 2023

Summary

VMware Workstation and Fusion contain an out-of-bounds read vulnerability caused by improper handling of memory in the functionality that shares host Bluetooth devices with a virtual machine. This flaw may allow an attacker to access sensitive information or execute unauthorized operations within a virtual environment.

Affected Version(s)

VMware Workstation Pro / Player (Workstation) and VMware Fusion: VMware Workstation (17.x) and VMware Fusion (13.x)

News Articles

Support Content Notification - Support Portal - Broadcom support portal

VMSA-2023-0008: VMware Workstation and Fusion updates address multiple security vulnerabilities Advisory ID: ...

Critical Flaw Patched in VMware Workstation and Fusion

A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM

VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870) - Help Net Security

VMware has fixed four flaws (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion software.

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
