VMware ESXi/Workstation/Fusion Shader out-of-bounds read

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown part of the component Shader Handler. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056193410/27/2020VulD...confirm_urlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.htmlcve.mitre.org10/27/2020accepted70
1020163606/26/2020VulD...cve_nvd_summaryVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.mitre.org06/26/2020accepted100
1020163506/26/2020VulD...cve_assigned1577664000mitre.org06/26/2020accepted100
1020162906/26/2020VulD...cvss3_nvd_aLnist.gov06/26/2020accepted100
1020162806/26/2020VulD...cvss3_nvd_iNnist.gov06/26/2020accepted100
1020162706/26/2020VulD...cvss3_nvd_cNnist.gov06/26/2020accepted100
1020162606/26/2020VulD...cvss3_nvd_sCnist.gov06/26/2020accepted100
1020162506/26/2020VulD...cvss3_nvd_uiNnist.gov06/26/2020accepted100
1020162406/26/2020VulD...cvss3_nvd_prLnist.gov06/26/2020accepted100
1020162306/26/2020VulD...cvss3_nvd_acLnist.gov06/26/2020accepted100
1020162206/26/2020VulD...cvss3_nvd_avLnist.gov06/26/2020accepted100
1020160906/26/2020VulD...cvss2_nvd_aiPnist.gov06/26/2020accepted100
1020160806/26/2020VulD...cvss2_nvd_iiNnist.gov06/26/2020accepted100
1020160706/26/2020VulD...cvss2_nvd_ciNnist.gov06/26/2020accepted100
1020160606/26/2020VulD...cvss2_nvd_auNnist.gov06/26/2020accepted100
1020160506/26/2020VulD...cvss2_nvd_acMnist.gov06/26/2020accepted100
1020160406/26/2020VulD...cvss2_nvd_avLnist.gov06/26/2020accepted100
1020159406/26/2020VulD...cwe125 (information disclosure)06/26/2020accepted100
1020159006/26/2020VulD...typeVirtualization Software06/26/2020accepted100
1020164506/26/2020VulD...cvss3_nvd_basescore3.8nist.gov06/26/2020accepted90

Do you know our Splunk app?

Download it now for free!