CVE-2020-3981

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804 VMware ESXi versions 6.7 before ESXi670-202008101-SG VMware ESXi versions 6.5 before ESXi650-202007101-SG VMware Workstation versions 15.x VMware Fusion versions 11.x before 11.5.6

Description: The issue is related to an out-of-bounds read vulnerability due to a time-of-check time-of-use problem in the ACPI device. This could allow a malicious actor with administrative access to a virtual machine to leak memory from the vmx process. The vulnerability may also enable an attacker to gain unauthorized access to protected information.

Recommendations: For VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804, update to ESXi 7.0.1-0.0.16850804 or later. For VMware ESXi versions 6.7 before ESXi670-202008101-SG, apply the ESXi670-202008101-SG patch. For VMware ESXi versions 6.5 before ESXi650-202007101-SG, apply the ESXi650-202007101-SG patch. For VMware Workstation versions 15.x, there is no information about a newer version that contains a fix for this vulnerability. For VMware Fusion versions 11.x before 11.5.6, update to version 11.5.6 or later.