PT-2020-4966 · VMware · VMware ESXi

Published: 2020-11-19 · Updated: 2025-10-31 · CVE-2020-4005

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware ESXi versions 7.0 before ESXi70U1b-17168206
VMware ESXi versions 6.7 before ESXi670-202011101-SG
VMware ESXi versions 6.5 before ESXi650-202011301-SG

Description

The issue exists in the way certain system calls are managed, allowing a malicious actor with privileges within the VMX process to escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The vulnerability is related to a lack of protection for internal data.

Recommendations

For versions 7.0 before ESXi70U1b-17168206, update to ESXi70U1b-17168206 or later.
For versions 6.7 before ESXi670-202011101-SG, update to ESXi670-202011101-SG or later.
For versions 6.5 before ESXi650-202011301-SG, update to ESXi650-202011301-SG or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-05542
CVE-2020-4005

Affected Products

VMware ESXi