CVE-2020-3963

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839 VMware ESXi versions 6.7 before ESXi670-202006401-SG VMware ESXi versions 6.5 before ESXi650-202005401-SG VMware Workstation versions 15.x before 15.5.2 VMware Fusion versions 11.x before 11.5.2

Description The issue is related to a use-after-free vulnerability in the PVNVRAM component of VMware ESXi, VMware Workstation, and VMware Fusion. This vulnerability may allow a malicious actor with local access to a virtual machine to read privileged information contained in physical memory.

Recommendations For VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839, update to a version that includes the ESXi 7.0.0-1.20.16321839 patch or later. For VMware ESXi versions 6.7 before ESXi670-202006401-SG, apply the ESXi670-202006401-SG patch or later. For VMware ESXi versions 6.5 before ESXi650-202005401-SG, apply the ESXi650-202005401-SG patch or later. For VMware Workstation versions 15.x before 15.5.2, update to version 15.5.2 or later. For VMware Fusion versions 11.x before 11.5.2, update to version 11.5.2 or later.