CVE-2020-3970Out-of-bounds Read in Vmware Cloud Foundation

CWE-125Out-of-bounds Read5 documents5 sources
Severity
3.8LOWNVD
EPSS
0.0%
top 86.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware Cloud FoundationVmware FusionVmware Workstation+2 more
Timeline
PublishedJun 25
Latest updateFeb 2

Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 2.0 | Impact: 1.4

Affected Packages7 packages

NVDvmware/fusion11.0.011.5.5
NVDvmware/workstation15.0.015.5.5
NVDvmware/esxi6.5, 6.7, 7.0.0+2
CVEListV5vmware/fusion11.x before 11.5.5
CVEListV5vmware/vmware_esxi6.5 before ESXi650-202005401-SG, 6.7 before ESXi670-202004101-SG, 7.0 before ESXi_7.0.0-1.20.16321839+2

🔴Vulnerability Details

3
OSV
tiff vulnerabilities2023-02-02
GHSA
GHSA-jmqf-g3qv-hq44: VMware ESXi (72022-05-24
CVEList
CVE-2020-3970: VMware ESXi (72020-06-25

📋Vendor Advisories

1
VMware
VMware Cloud Foundation, ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-06-23
CVE-2020-3970 — Out-of-bounds Read in Vmware | cvebase