CVE-2020-3964

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839 VMware ESXi versions 6.7 before ESXi670-202006401-SG VMware ESXi versions 6.5 before ESXi650-202005401-SG VMware Workstation versions 15.x before 15.5.2 VMware Fusion versions 11.x before 11.5.2

Description The issue is related to an information leak in the EHCI USB controller of VMware products. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

Recommendations For VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839, update to ESXi 7.0.0-1.20.16321839 or later. For VMware ESXi versions 6.7 before ESXi670-202006401-SG, update to ESXi670-202006401-SG or later. For VMware ESXi versions 6.5 before ESXi650-202005401-SG, update to ESXi650-202005401-SG or later. For VMware Workstation versions 15.x before 15.5.2, update to 15.5.2 or later. For VMware Fusion versions 11.x before 11.5.2, update to 11.5.2 or later.