PT-2020-17817 · Vmware · Vmware Fusion+2
Cfir Cohen
·
Published
2020-06-09
·
Updated
2021-09-28
·
CVE-2020-3960
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.7 before ESXi670-202006401-SG
VMware ESXi versions 6.5 before ESXi650-202005401-SG
VMware Workstation versions 15.x before 15.5.5
VMware Fusion versions 11.x before 11.5.5
Description
The issue concerns an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine that has a virtual NVMe controller may be able to read privileged information contained in physical memory.
Recommendations
For VMware ESXi version 6.7, update to ESXi670-202006401-SG or later.
For VMware ESXi version 6.5, update to ESXi650-202005401-SG or later.
For VMware Workstation version 15.x, update to 15.5.5 or later.
For VMware Fusion version 11.x, update to 11.5.5 or later.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Esxi
Vmware Fusion
Vmware Workstation