CVE-2020-3982

CWE-367 CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.7HIGH

EPSS

0.2%

top 57.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Fusion Vmware Workstation +2 more

Timeline

PublishedOct 20

Latest updateMay 24

Description

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:HExploitability: 1.3 | Impact: 5.8

Affected Packages5 packages

▶NVDvmware/fusion11.0 — 11.5.6

▶NVDvmware/workstation15.0 — 15.5.6

▶NVDvmware/workstation_player15.0 — 15.5.6

▶NVDvmware/esxi6.5, 6.7, 7.0.0+2

▶NVDvmware/cloud_foundation3.0 — 3.10.1+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5g8-mmh3-rp62: VMware ESXi (7↗2022-05-24

▶

CVEList

CVE-2020-3982: VMware ESXi (7↗2020-10-20

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)↗2020-10-20

▶