PT-2020-3008 · VMware · VMware Fusion +2

Published: 2020-06-23 · Updated: 2020-07-01 · CVE-2020-3971

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VMware ESXi versions 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG
VMware Workstation versions 15.x before 15.0.2
VMware Fusion versions 11.x before 11.0.2

Description

The issue is a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine that has a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. Because the flaw is a buffer overflow, an attacker can use it to gain unauthorized access to protected information.

Recommendations

For VMware ESXi versions 6.7 before ESXi670-201904101-SG, update to ESXi670-201904101-SG or later.
For VMware ESXi versions 6.5 before ESXi650-201907101-SG, update to ESXi650-201907101-SG or later.
For VMware Workstation versions 15.x before 15.0.2, update to 15.0.2 or later.
For VMware Fusion versions 11.x before 11.0.2, update to 11.0.2 or later.
As a temporary workaround, consider disabling the vmxnet3 network adapter until a patch is available.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2020-03231
CVE-2020-3971

Affected Products

VMware ESXi
VMware Fusion
VMware Workstation