PT-2020-5285 · VMware · VMware Fusion (+3)

Published: 2020-12-18 · Updated: 2025-08-08 · CVE-2020-3999

CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 7.0 prior to ESXi70U1c-17325551
VMware Workstation versions 16.x prior to 16.0 and 15.x prior to 15.5.7
VMware Fusion versions 12.x prior to 12.0 and 11.x prior to 11.5.7
VMware Cloud Foundation (affected versions not specified)

Description
A denial of service vulnerability exists due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process, leading to a denial of service condition. The crash is caused by a null pointer dereference.

Recommendations
For VMware ESXi versions 7.0 prior to ESXi70U1c-17325551, update to ESXi70U1c-17325551 or later.
For VMware Workstation versions 16.x prior to 16.0, update to 16.0 or later.
For VMware Workstation versions 15.x prior to 15.5.7, update to 15.5.7 or later.
For VMware Fusion versions 12.x prior to 12.0, update to 12.0 or later.
For VMware Fusion versions 11.x prior to 11.5.7, update to 11.5.7 or later.
As a temporary workaround, consider restricting access to the GuestInfo interface until a patch is available.
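The following is an added example, not part of this record or of VMware's tooling: a small checker that encodes the affected ranges stated above and reports whether a given install needs the listed update. The product keys, the dotted-version input format and the build-number argument for ESXi are assumptions of this example; the thresholds themselves are the ones the record gives.

```python
"""Affected-version check for CVE-2020-3999 (PT-2020-5285).

Added example; encodes the ranges stated in the record. Product keys,
version-string format and the ESXi build argument are assumptions.
"""

# Fixed versions/builds exactly as the record states them.
# ESXi 7.0 is keyed by build number (ESXi70U1c-17325551); the desktop
# products by dotted version within each affected major line.
FIXED = {
    "esxi": {"7.0": 17325551},
    "workstation": {"16": (16, 0), "15": (15, 5, 7)},
    "fusion": {"12": (12, 0), "11": (11, 5, 7)},
}


def parse_version(text):
    """'15.5.6' -> (15, 5, 6); rejects anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {text!r}")
    return tuple(int(p) for p in parts)


def _cmp(a, b):
    """Compare version tuples, padding with zeros so (16,) == (16, 0)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_affected(product, version, build=None):
    """Return (affected, advice) for one install per the record's ranges.

    product: 'esxi', 'workstation', 'fusion' or 'cloud foundation'
    version: dotted version string such as '7.0' or '15.5.6'
    build:   ESXi build number (int); required for 'esxi'
    affected is True/False, or None where the record gives no versions.
    """
    product = product.lower()
    if product == "cloud foundation":
        # The record lists Cloud Foundation without versions; undecidable here.
        return (None, "affected versions not specified in the record")
    if product == "esxi":
        line = ".".join(version.strip().split(".")[:2])
        if line not in FIXED["esxi"]:
            return (False, "version line not listed as affected")
        if build is None:
            raise ValueError("ESXi check needs the build number")
        fixed_build = FIXED["esxi"][line]
        if build < fixed_build:
            return (True, f"update to ESXi70U1c-{fixed_build} or later")
        return (False, "at or above fixed build")
    if product in ("workstation", "fusion"):
        v = parse_version(version)
        table = FIXED[product]
        line = str(v[0])
        if line not in table:
            return (False, "version line not listed as affected")
        fixed = table[line]
        if _cmp(v, fixed) < 0:
            return (True, "update to " + ".".join(map(str, fixed)) + " or later")
        return (False, "at or above fixed version")
    raise ValueError(f"unknown product: {product!r}")


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("workstation", "15.5.6", None),
        ("fusion", "11.5.7", None),
        ("esxi", "7.0", 17000000),   # constructed build number below the fix
        ("cloud foundation", "4.1", None),
    ]
    for prod, ver, bld in inventory:
        print(prod, ver, bld, "->", is_affected(prod, ver, bld))
```

Version lines the record does not mention (for example Workstation 14.x) are reported as not listed rather than as safe; the checker only answers what the record states.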

Fix

DoS

NULL Pointer Dereference

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-00015
CVE-2020-3999
ZDI-20-1450

Affected Products

VMware Cloud Foundation
VMware ESXi
VMware Fusion
VMware Workstation