VMware addresses critical flaws in Workstation and Fusion

VMware addressed 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity code issues on the hypervisor.

VMware has addressed 10 vulnerabilities affecting ESXi, Workstation and Fusion products, including critical and high-severity issues that can be exploited by attackers to execute arbitrary code on the hypervisor.

The most serious issue is a critical use-after-free flaw, tracked as CVE-2020-3962, that affects the SVGA device.

“VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in the SVGA device. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.” reads the advisory published by the company. “A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.”

An attacker who has local access to a virtual machine with 3D graphics enabled could exploit the flaw to execute arbitrary code on the hypervisor from the VM

The 3D graphics are enabled by default on Workstation and Fusion, but it is not enabled by default on the ESXi product.

The virtualization giant also addressed an off-by-one heap overflow flaw in the SVGA device tracked as CVE-2020-3969 that received a CVSSv3 base score of 8.1.

“A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.” reads the advisory. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.

The company also addressed an out-of-bound read issue in Shader Functionality, tracked as CVE-2020-3970, of VMware ESXi, Workstation and Fusion.

The flaw could be exploited by an attacker with non-administrative local access to a virtual machine with 3D graphics enabled to crash the virtual machine’s vmx process leading to a partial denial of service condition.

VMware also fixed a high-severity heap overflow, tracked as CVE-2020-3967, that affects USB 2.0 controller for ESXi, Workstation and Fusion products.

“A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.” reads the advisory.

Another issue addressed by the company is a high-severity vulnerability that affects the USB 3.0 controller, which couldbe exploited by an attacker with admin privileges on the VM to cause a denial-of-service (DoS) condition or execute arbitrary code on the hypervisor.

VMware fixed several medium severity issues that can be exploited by local attackers to cause a DoS condition or to read privileged information from memory.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, virtualization)

[adrotate banner=”5″]

[adrotate banner=”13″]