VMware ESXi/Workstation/Fusion USB 3.0 Controller out-of-bounds write


A vulnerability classified as critical was found in VMware ESXi, Workstation and Fusion (virtualization software; version unknown). It affects unknown functionality of the USB 3.0 Controller Handler component. Upgrading eliminates this vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561933 | 10/27/2020 | VulD... | confirm_url | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | cve.mitre.org | 10/27/2020 | accepted | 70 |
| 10201580 | 06/26/2020 | VulD... | cve_nvd_summary | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | mitre.org | 06/26/2020 | accepted | 100 |
| 10201579 | 06/26/2020 | VulD... | cve_assigned | 1577664000 | mitre.org | 06/26/2020 | accepted | 100 |
| 10201573 | 06/26/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201572 | 06/26/2020 | VulD... | cvss3_nvd_i | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201571 | 06/26/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201570 | 06/26/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 06/26/2020 | accepted | 100 |
| 10201569 | 06/26/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201568 | 06/26/2020 | VulD... | cvss3_nvd_pr | H | nist.gov | 06/26/2020 | accepted | 100 |
| 10201567 | 06/26/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201566 | 06/26/2020 | VulD... | cvss3_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201553 | 06/26/2020 | VulD... | cvss2_nvd_ai | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201552 | 06/26/2020 | VulD... | cvss2_nvd_ii | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201551 | 06/26/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 06/26/2020 | accepted | 100 |
| 10201550 | 06/26/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201549 | 06/26/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201548 | 06/26/2020 | VulD... | cvss2_nvd_av | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201537 | 06/26/2020 | VulD... | cwe | 787 (memory corruption) | | 06/26/2020 | accepted | 100 |
| 10201533 | 06/26/2020 | VulD... | type | Virtualization Software | | 06/26/2020 | accepted | 100 |
| 10201589 | 06/26/2020 | VulD... | cvss3_nvd_basescore | 8.2 | nist.gov | 06/26/2020 | accepted | 90 |
