VMware ESXi/Workstation/Fusion USB 2.0 Controller race condition

A vulnerability classified as critical was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (the affected version is unknown). This vulnerability affects an unknown function of the component USB 2.0 Controller. Upgrading eliminates this vulnerability.

Timeline

Analysing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561931 | 10/27/2020 | VulD... | confirm_url | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | cve.mitre.org | 10/27/2020 | accepted | 70 |
| 10201467 | 06/26/2020 | VulD... | cve_nvd_summary | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | mitre.org | 06/26/2020 | accepted | 100 |
| 10201466 | 06/26/2020 | VulD... | cve_assigned | 1577664000 | mitre.org | 06/26/2020 | accepted | 100 |
| 10201460 | 06/26/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201459 | 06/26/2020 | VulD... | cvss3_nvd_i | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201458 | 06/26/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201457 | 06/26/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 06/26/2020 | accepted | 100 |
| 10201456 | 06/26/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201455 | 06/26/2020 | VulD... | cvss3_nvd_pr | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201454 | 06/26/2020 | VulD... | cvss3_nvd_ac | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201453 | 06/26/2020 | VulD... | cvss3_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201440 | 06/26/2020 | VulD... | cvss2_nvd_ai | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201439 | 06/26/2020 | VulD... | cvss2_nvd_ii | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201438 | 06/26/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201437 | 06/26/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201436 | 06/26/2020 | VulD... | cvss2_nvd_ac | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201435 | 06/26/2020 | VulD... | cvss2_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201425 | 06/26/2020 | VulD... | cwe | 362 (race condition) | | 06/26/2020 | accepted | 100 |
| 10201421 | 06/26/2020 | VulD... | type | Virtualization Software | | 06/26/2020 | accepted | 100 |
| 10201476 | 06/26/2020 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 06/26/2020 | accepted | 90 |
