
VMware Fixed Multiple Vulnerabilities In Workstation, Fusion, and Others

by Abeerah Hashim

VMware has recently patched multiple vulnerabilities affecting Workstation, Fusion, and more. These vulnerabilities also included some critical severity bugs.

Critical Vulnerability In VMware Products

Reportedly, VMware has addressed a critical security bug affecting its products.

As detailed in the advisory, the vulnerability (CVE-2020-3962) affected VMware Workstation (Pro/Player), ESXi, Fusion (Pro/Fusion), and VMware Cloud Foundation. This critical flaw received a CVSS score of 9.3.

Describing this use-after-free bug, the advisory reads,

VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in the SVGA device… A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

In the response matrix, VMware also listed two more vulnerabilities. One is a high-severity off-by-one heap-overflow flaw (CVE-2020-3969) with a CVSS score of 8.1. The other is a medium-severity out-of-bounds read vulnerability in the shader functionality (CVE-2020-3970).

Other VMware Vulnerabilities Receiving Patches

Apart from the above three, VMware also patched six high-severity vulnerabilities affecting its products. Three of these, CVE-2020-3967, CVE-2020-3968, and CVE-2020-3966, received a CVSS score of 8.1. The other three, CVE-2020-3965, CVE-2020-3964, and CVE-2020-3963, received a CVSS score of 7.1.

Moreover, VMware also addressed a single medium-severity flaw (CVE-2020-3971) with a CVSS score of 5.9.

In all, the vendor has released fixes for 10 different security vulnerabilities.

For all six high-severity bugs, VMware has suggested removing the USB controller as a workaround.

For the single medium-severity vulnerability, no workaround is available.

Nonetheless, VMware has addressed all 10 bugs with the release of the latest versions of the respective products. Users should therefore update their systems according to the advisory.
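
To find which virtual machines still carry the exposure described above (3D graphics enabled for the SVGA bug, a virtual USB controller for the six high-severity bugs), the following added example, which is not part of the original article or of VMware's advisory, audits `.vmx` configuration files. The key names `usb.present`, `ehci.present`, `usb_xhci.present` and `mks.enable3d` are assumptions not named in the article, as is treating an absent key as disabled.

```python
import re
from pathlib import Path

# Assumed VMX keys (not named in the article): virtual USB controllers and 3D acceleration.
USB_KEYS = ("usb.present", "ehci.present", "usb_xhci.present")
GFX_KEY = "mks.enable3d"
ENTRY = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lowercased, the last duplicate wins."""
    cfg = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text):
    """Report enabled USB controllers and 3D graphics; an absent key counts as disabled."""
    cfg = parse_vmx(text)
    def on(key):
        return cfg.get(key, "").strip().lower() == "true"
    return {"usb_controllers": [k for k in USB_KEYS if on(k)], "3d_enabled": on(GFX_KEY)}

def audit_tree(root):
    """Map each .vmx path under root to its findings, skipping clean files."""
    findings = {}
    for path in Path(root).rglob("*.vmx"):
        result = audit_vmx(path.read_text(errors="replace"))
        if result["usb_controllers"] or result["3d_enabled"]:
            findings[str(path)] = result
    return findings

# Constructed sample configuration, not taken from a real VM.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "build-agent-01"
# usb.present = "TRUE"
usb.present = "FALSE"
ehci.present = "TRUE"
usb_xhci.present = "TRUE"
mks.enable3D = "TRUE"
'''

if __name__ == "__main__":
    print(audit_vmx(SAMPLE_VMX))
```

Run `audit_tree()` against the directory that holds the VM folders; any file it reports is a candidate for the workaround until the host is updated.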
