VMware issued a security advisory for ten vulnerabilities that impact VMware ESXi, Workstation, Fusion and Cloud Foundation products.
An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
Three of the more notable updates in VMware VMSA-2020-0015 fix the following Critical vulnerabilities in VMware ESXi, Workstation and Fusion: CVE-2020-3962, CVE-2020-3969 and CVE-2020-3970. In addition, VMware addressed seven other vulnerabilities.
CVE-2020-3962: Use-after-free vulnerability in SVGA device
VMware ESXi, Workstation and Fusion contain a Critical use-after-free vulnerability in the SVGA device (CVE-2020-3962).
“A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine,” VMware explained in the advisory.
The vulnerability has a CVSSv3 base score of 9.3 and is Critical severity.
CVE-2020-3969: Off-by-one heap-overflow vulnerability in SVGA device
VMware ESXi, Workstation and Fusion contain an off-by-one heap-overflow vulnerability in the SVGA device (CVE-2020-3969).
“A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible,” VMware warned in the advisory.
VMware has rated this vulnerability with a CVSSv3 base score of 8.1.
CVE-2020-3970: Out-of-bounds read issue in Shader Functionality
VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in the Shader functionality (CVE-2020-3970).
“A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible,” VMware warned in the advisory.
VMware has rated this vulnerability with a CVSSv3 base score of 4.0, or Moderate severity.
Additional VMware fixes
Additionally, VMware fixed the following vulnerabilities in VMware ESXi, Workstation and Fusion:
- Heap-overflow issue in EHCI controller (CVE-2020-3967)
- Out-of-bounds write vulnerability in xHCI controller (CVE-2020-3968)
- Heap-overflow due to race condition in EHCI controller (CVE-2020-3966)
- Information leak in the xHCI USB controller (CVE-2020-3965)
- Information leak in the EHCI USB controller (CVE-2020-3964)
- Use-after-free vulnerability in PVNVRAM (CVE-2020-3963)
- Heap-overflow vulnerability in vmxnet3 (CVE-2020-3971)
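For patch prioritisation, the sketch below flags which of the virtual devices named above (3D graphics, EHCI, xHCI, vmxnet3) a VM's `.vmx` file enables and lists the matching CVEs. It is an added example, not code from VMware or the advisory; the `.vmx` key names and the sample file are assumptions, and PVNVRAM (CVE-2020-3963) is not checked.

```python
import re

# CVE grouping follows the advisory summary above. The .vmx keys and the
# values that mark a device as enabled are assumptions, not advisory text.
CHECKS = [
    ("3D graphics (SVGA/shader)", r"^mks\.enable3d$", "true",
     ["CVE-2020-3962", "CVE-2020-3969", "CVE-2020-3970"]),
    ("EHCI USB controller", r"^ehci\.present$", "true",
     ["CVE-2020-3967", "CVE-2020-3966", "CVE-2020-3964"]),
    ("xHCI USB controller", r"^usb_xhci\.present$", "true",
     ["CVE-2020-3968", "CVE-2020-3965"]),
    ("vmxnet3 adapter", r"^ethernet\d+\.virtualdev$", "vmxnet3",
     ["CVE-2020-3971"]),
]

# Matches lines of the form: key = "value" (comment lines are skipped).
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def exposed_devices(text):
    """Return [(device, [CVEs])] for each device the config enables."""
    cfg = parse_vmx(text)
    hits = []
    for device, key_re, wanted, cves in CHECKS:
        if any(re.match(key_re, k) and v.strip().lower() == wanted
               for k, v in cfg.items()):
            hits.append((device, cves))
    return hits


# Constructed sample .vmx content, not taken from a real system.
SAMPLE_VMX = '''
displayName = "build-agent-01"
mks.enable3D = "TRUE"
ehci.present = "FALSE"
usb_xhci.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet1.virtualDev = "vmxnet3"
'''

if __name__ == "__main__":
    for device, cves in exposed_devices(SAMPLE_VMX):
        print(f"{device}: {', '.join(cves)}")
```

A missing key does not prove the device is absent, since defaults vary by product and virtual hardware version; treat the output as a triage aid and confirm against the affected versions in the advisory.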
Finally, VMware has provided a response matrix for each set of patches, which range in CVSS score from 4 to 9.3.
Check out the advisory for more details on affected product versions and recommended upgrades to address the vulnerabilities.