Multiple vulnerabilities in VMware Products
Original Issue Date: June 26, 2020
Severity Rating: High
- VMware ESXi versions 7.0, 6.7, 6.5
- VMware Workstation Pro / Player versions prior to 15.5.5
- VMware Fusion Pro / Fusion versions prior to 11.5.5
- VMware Cloud Foundation 4.x versions prior to 4.0.1
- VMware Cloud Foundation 3.x versions prior to 18.104.22.168
Multiple vulnerabilities have been reported in VMware products which could allow an attacker with local access to a virtual machine to execute arbitrary code, cause denial of service conditions or access sensitive information on a targeted hypervisor system.
These vulnerabilities exist in VMware products due to use-after-free, heap-overflow, off-by-one heap-overflow, out-of-bounds read, out-of-bounds write, heap-overflow due to race condition and other errors in the SVGA device, Shader Functionality, EHCI controller, xHCI controller, xHCI USB controller, EHCI USB controller, PVNVRAM and vmxnet3 components.
Successful exploitation of these vulnerabilities could allow an attacker with local access to a virtual machine to execute arbitrary code, cause denial of service conditions or access sensitive information on the targeted hypervisor system.
Apply appropriate security updates as mentioned in
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003