VMware ESXi/Workstation/Fusion USB 2.0 Controller out-of-bounds write


A vulnerability, which was classified as critical, has been found in VMware ESXi, Workstation and Fusion (Virtualization Software) (unknown version). This issue affects an unknown functionality of the component USB 2.0 Controller. Upgrading eliminates this vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561932 | 10/27/2020 | VulD... | confirm_url | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | cve.mitre.org | 10/27/2020 | accepted | 70 |
| 10201523 | 06/26/2020 | VulD... | cve_nvd_summary | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | mitre.org | 06/26/2020 | accepted | 100 |
| 10201522 | 06/26/2020 | VulD... | cve_assigned | 1577664000 | mitre.org | 06/26/2020 | accepted | 100 |
| 10201516 | 06/26/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201515 | 06/26/2020 | VulD... | cvss3_nvd_i | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201514 | 06/26/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201513 | 06/26/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 06/26/2020 | accepted | 100 |
| 10201512 | 06/26/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201511 | 06/26/2020 | VulD... | cvss3_nvd_pr | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201510 | 06/26/2020 | VulD... | cvss3_nvd_ac | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201509 | 06/26/2020 | VulD... | cvss3_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201496 | 06/26/2020 | VulD... | cvss2_nvd_ai | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201495 | 06/26/2020 | VulD... | cvss2_nvd_ii | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201494 | 06/26/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201493 | 06/26/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201492 | 06/26/2020 | VulD... | cvss2_nvd_ac | M | nist.gov | 06/26/2020 | accepted | 100 |
| 10201491 | 06/26/2020 | VulD... | cvss2_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201481 | 06/26/2020 | VulD... | cwe | 787 (memory corruption) | | 06/26/2020 | accepted | 100 |
| 10201477 | 06/26/2020 | VulD... | type | Virtualization Software | | 06/26/2020 | accepted | 100 |
| 10201532 | 06/26/2020 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 06/26/2020 | accepted | 90 |
