CVE-2020-3958

CWE-617 — Reachable Assertion CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 73.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Vmware Esxi +3 more

Timeline

PublishedMay 29

Latest updateMay 24

Description

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDvmware/fusion11.0.0 — 11.5.2

▶NVDvmware/workstation15.0.0 — 15.5.2

▶NVDvmware/esxi6.5, 6.7+1

▶CVEListV5vmware/vmware_esxi6.5 before ESXi650-202005401-SG, 6.7 before ESXi670-202004101-SG+1

▶CVEListV5vmware/vmware_fusion11.x before 11.5.2

🔴Vulnerability Details

GHSA

GHSA-jcrh-67wg-49cm: VMware ESXi (6↗2022-05-24

▶

CVEList

CVE-2020-3958: VMware ESXi (6↗2020-05-29

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)↗2020-05-28

▶