CVE-2020-3963

CWE-416Use After Free4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 69.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware Cloud FoundationVmware FusionVmware Workstation+2 more
Timeline
PublishedJun 25
Latest updateMay 24

Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDvmware/fusion11.0.011.5.2
NVDvmware/workstation15.0.015.5.2
NVDvmware/esxi6.5, 6.7, 7.0.0+2
CVEListV5vmware/fusion11.x before 11.5.2
CVEListV5vmware/vmware_esxi6.5 before ESXi650-202005401-SG, 6.7 before ESXi670-202006401-SG, 7.0 before ESXi_7.0.0-1.20.16321839+2

🔴Vulnerability Details

2
GHSA
GHSA-jgx9-22v4-g4h8: VMware ESXi (72022-05-24
CVEList
CVE-2020-3963: VMware ESXi (72020-06-25

📋Vendor Advisories

1
VMware
VMware Cloud Foundation, ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-06-23