CVE-2020-8871

Name of the Vulnerable Software and Affected Versions Parallels Desktop versions 15.1.0-47107 through 15.1.2

Description This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this issue. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this issue to escalate privileges and execute code in the context of the hypervisor.

Recommendations For Parallels Desktop versions 15.1.0-47107 through 15.1.2, update to version 15.1.3 (47255) or later to resolve the issue. As a temporary workaround, consider restricting access to the VGA virtual device until a patch is applied.