CVE-2020-3965

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839 VMware ESXi versions 6.7 before ESXi670-202006401-SG VMware ESXi versions 6.5 before ESXi650-202005401-SG VMware Workstation versions 15.x before 15.5.2 VMware Fusion versions 11.x before 11.5.2

Description The issue is related to an information leak in the XHCI USB controller of the affected software. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. This is due to a lack of protection for service data.

Recommendations For VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839, update to a version that includes the ESXi 7.0.0-1.20.16321839 patch or later. For VMware ESXi versions 6.7 before ESXi670-202006401-SG, update to a version that includes the ESXi670-202006401-SG patch or later. For VMware ESXi versions 6.5 before ESXi650-202005401-SG, update to a version that includes the ESXi650-202005401-SG patch or later. For VMware Workstation versions 15.x before 15.5.2, update to version 15.5.2 or later. For VMware Fusion versions 11.x before 11.5.2, update to version 11.5.2 or later.