VMware ESXi/Workstation/Fusion Shader out-of-bounds read

A vulnerability has been found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown part of the component Shader Handler. Upgrading eliminates this vulnerability.

Field	06/26/2020 01:01 PM	06/26/2020 01:05 PM	10/27/2020 10:15 AM
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	3.8	3.8	3.8
cvss3_meta_tempscore	3.7	3.7	3.7
cvss3_vuldb_basescore	3.8	3.8	3.8
cvss3_vuldb_tempscore	3.7	3.7	3.7
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	C	C	C
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
date	1593043200 (06/25/2020)	1593043200 (06/25/2020)	1593043200 (06/25/2020)
url	https://www.vmware.com/security/advisories/VMSA-2020-0015.html	https://www.vmware.com/security/advisories/VMSA-2020-0015.html	https://www.vmware.com/security/advisories/VMSA-2020-0015.html
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Upgrade	Upgrade	Upgrade
cve	CVE-2020-3970	CVE-2020-3970	CVE-2020-3970
seealso	157244 157245 157273 157274 157275 157276 157277 157278 157280	157244 157245 157273 157274 157275 157276 157277 157278 157280	157244 157245 157273 157274 157275 157276 157277 157278 157280
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	3.8	3.8	3.8
vendor	VMware	VMware	VMware
name	ESXi/Workstation/Fusion	ESXi/Workstation/Fusion	ESXi/Workstation/Fusion
component	Shader Handler	Shader Handler	Shader Handler
risk	1	1	1
cvss2_vuldb_basescore	1.9	1.9	1.9
cvss2_vuldb_tempscore	1.7	1.7	1.7
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	M	M	M
cvss2_nvd_av		L	L
cvss2_nvd_ac		M	M
cvss2_nvd_au		N	N
cvss2_nvd_ci		N	N
cvss2_nvd_ii		N	N
cvss2_nvd_ai		P	P
cvss3_nvd_av		L	L
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		N	N
cvss3_nvd_s		C	C
cvss3_nvd_c		N	N
cvss3_nvd_i		N	N
cvss3_nvd_a		L	L
cve_assigned		1577664000	1577664000
cve_nvd_summary		VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.	VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
type		Virtualization Software	Virtualization Software
cwe	0	125 (information disclosure)	125 (information disclosure)
confirm_url			https://www.vmware.com/security/advisories/VMSA-2020-0015.html

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!