VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter out-of-bounds write

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version not known) and classified as problematic. Affected by this issue is an unknown code of the component vmxnet3 Virtual Network Adapter. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056193510/27/2020VulD...confirm_urlhttps://www.vmware.com/security/advisories/VMSA-2020-0015.htmlcve.mitre.org10/27/2020accepted70
1020169206/26/2020VulD...cve_nvd_summaryVMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.mitre.org06/26/2020accepted100
1020169106/26/2020VulD...cve_assigned1577664000mitre.org06/26/2020accepted100
1020168506/26/2020VulD...cvss3_nvd_aNnist.gov06/26/2020accepted100
1020168406/26/2020VulD...cvss3_nvd_iNnist.gov06/26/2020accepted100
1020168306/26/2020VulD...cvss3_nvd_cHnist.gov06/26/2020accepted100
1020168206/26/2020VulD...cvss3_nvd_sUnist.gov06/26/2020accepted100
1020168106/26/2020VulD...cvss3_nvd_uiNnist.gov06/26/2020accepted100
1020168006/26/2020VulD...cvss3_nvd_prLnist.gov06/26/2020accepted100
1020167906/26/2020VulD...cvss3_nvd_acLnist.gov06/26/2020accepted100
1020167806/26/2020VulD...cvss3_nvd_avLnist.gov06/26/2020accepted100
1020166506/26/2020VulD...cvss2_nvd_aiNnist.gov06/26/2020accepted100
1020166406/26/2020VulD...cvss2_nvd_iiNnist.gov06/26/2020accepted100
1020166306/26/2020VulD...cvss2_nvd_ciPnist.gov06/26/2020accepted100
1020166206/26/2020VulD...cvss2_nvd_auNnist.gov06/26/2020accepted100
1020166106/26/2020VulD...cvss2_nvd_acLnist.gov06/26/2020accepted100
1020166006/26/2020VulD...cvss2_nvd_avLnist.gov06/26/2020accepted100
1020165006/26/2020VulD...cwe787 (memory corruption)06/26/2020accepted100
1020164606/26/2020VulD...typeVirtualization Software06/26/2020accepted100
1020170106/26/2020VulD...cvss3_nvd_basescore5.5nist.gov06/26/2020accepted90

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!