VMware ESXi/Workstation/Fusion USB 3.0 Controller out-of-bounds write


A vulnerability, which was classified as critical, was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (version unknown). Affected is some unknown functionality of the component USB 3.0 Controller Handler. Upgrading eliminates this vulnerability.

| Field | 06/26/2020 12:53 PM | 06/26/2020 12:59 PM | 10/27/2020 10:08 AM |
| --- | --- | --- | --- |
| vendor | VMware | VMware | VMware |
| name | ESXi/Workstation/Fusion | ESXi/Workstation/Fusion | ESXi/Workstation/Fusion |
| component | USB 3.0 Controller Handler | USB 3.0 Controller Handler | USB 3.0 Controller Handler |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 6.0 | 6.0 | 6.0 |
| cvss2_vuldb_tempscore | 5.2 | 5.2 | 5.2 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss3_meta_basescore | 8.0 | 8.0 | 8.0 |
| cvss3_meta_tempscore | 7.6 | 7.6 | 7.6 |
| cvss3_vuldb_basescore | 7.8 | 7.8 | 7.8 |
| cvss3_vuldb_tempscore | 7.5 | 7.5 | 7.5 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| date | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) |
| url | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | https://www.vmware.com/security/advisories/VMSA-2020-0015.html |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade | Upgrade |
| cve | CVE-2020-3968 | CVE-2020-3968 | CVE-2020-3968 |
| seealso | 157244 157245 157273 157274 157275 157276 157277 157279 157280 | 157244 157245 157273 157274 157275 157276 157277 157279 157280 | 157244 157245 157273 157274 157275 157276 157277 157279 157280 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 8.2 | 8.2 | 8.2 |
| type | | Virtualization Software | Virtualization Software |
| cwe | 0 | 787 (memory corruption) | 787 (memory corruption) |
| cvss2_nvd_av | | L | L |
| cvss2_nvd_ac | | L | L |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | P | P |
| cvss2_nvd_ii | | P | P |
| cvss2_nvd_ai | | P | P |
| cvss3_nvd_av | | L | L |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | H | H |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | C | C |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | H | H |
| cve_assigned | | 1577664000 | 1577664000 |
| cve_nvd_summary | | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
| confirm_url | | | https://www.vmware.com/security/advisories/VMSA-2020-0015.html |
