VMware ESXi/Workstation/Fusion Shader out-of-bounds read

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown part of the component Shader Handler. Upgrading eliminates this vulnerability.

Field06/26/2020 01:01 PM06/26/2020 01:05 PM10/27/2020 10:15 AM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss3_meta_basescore3.83.83.8
cvss3_meta_tempscore3.73.73.7
cvss3_vuldb_basescore3.83.83.8
cvss3_vuldb_tempscore3.73.73.7
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sCCC
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
date1593043200 (06/25/2020)1593043200 (06/25/2020)1593043200 (06/25/2020)
urlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.htmlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.htmlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.html
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
cveCVE-2020-3970CVE-2020-3970CVE-2020-3970
seealso157244 157245 157273 157274 157275 157276 157277 157278 157280157244 157245 157273 157274 157275 157276 157277 157278 157280157244 157245 157273 157274 157275 157276 157277 157278 157280
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
cvss3_nvd_basescore3.83.83.8
vendorVMwareVMwareVMware
nameESXi/Workstation/FusionESXi/Workstation/FusionESXi/Workstation/Fusion
componentShader HandlerShader HandlerShader Handler
risk111
cvss2_vuldb_basescore1.91.91.9
cvss2_vuldb_tempscore1.71.71.7
cvss2_vuldb_avLLL
cvss2_vuldb_acMMM
cvss2_nvd_avLL
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sCC
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aLL
cve_assigned15776640001577664000
cve_nvd_summaryVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
typeVirtualization SoftwareVirtualization Software
cwe0125 (information disclosure)125 (information disclosure)
confirm_urlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.html

Do you need the next level of professionalism?

Upgrade your account now!