CVE-2020-3995

CWE-401Memory Leak4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 45.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Vmware Cloud FoundationVmware FusionVmware Workstation+1 more
Timeline
PublishedOct 20
Latest updateMay 24

Description

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

NVDvmware/fusion11.0.011.1.0
NVDvmware/workstation15.0.015.1.0
NVDvmware/esxi6.5, 6.7+1
NVDvmware/cloud_foundation3.03.9

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-rw87-jqj5-q35f: In VMware ESXi (62022-05-24
CVEList
CVE-2020-3995: In VMware ESXi (62020-10-20

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)2020-10-20
CVE-2020-3995 (MEDIUM CVSS 5.3) | In VMware ESXi (6.7 before ESXi670- | cvebase.io