CVE-2020-3982

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804 VMware ESXi versions 6.7 before ESXi670-202008101-SG VMware ESXi versions 6.5 before ESXi650-202007101-SG VMware Workstation versions 15.x VMware Fusion versions 11.x before 11.5.6

Description: The issue is related to an out-of-bounds write vulnerability due to a time-of-check time-of-use problem in the ACPI device. This could allow a malicious actor with administrative access to a virtual machine to crash the virtual machine's vmx process or corrupt the hypervisor's memory heap. The vulnerability is associated with a buffer overflow, which may impact the integrity of protected information.

Recommendations: For VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804, update to ESXi 7.0.1-0.0.16850804 or later. For VMware ESXi versions 6.7 before ESXi670-202008101-SG, apply the ESXi670-202008101-SG patch or later. For VMware ESXi versions 6.5 before ESXi650-202007101-SG, apply the ESXi650-202007101-SG patch or later. For VMware Workstation versions 15.x, there is no information about a newer version that contains a fix for this vulnerability. For VMware Fusion versions 11.x before 11.5.6, update to version 11.5.6 or later.