CVE-2020-4004

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.5 through 7.0 before ESXi70U1b-17168206 VMware Workstation versions 15.x before 15.5.7 VMware Fusion versions 11.x before 11.5.7

Description The issue concerns a use-after-free vulnerability in the XHCI USB controller of VMware products. A malicious actor with local administrative privileges on a virtual machine can exploit this problem to execute code as the virtual machine's VMX process running on the host.

Recommendations For VMware ESXi versions 6.5 through 7.0 before ESXi70U1b-17168206, update to a version that includes the fix for this issue. For VMware Workstation versions 15.x before 15.5.7, update to version 15.5.7 or later. For VMware Fusion versions 11.x before 11.5.7, update to version 11.5.7 or later. As a temporary workaround, consider restricting access to the XHCI USB controller to minimize the risk of exploitation.