CVE-2020-3982 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3982
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (versiones 15.x), Fusion (versiones 11.x anteriores a de 11.5.6), contienen una vulnerabilidad de escritura fuera de límites debido a un problema time-of-check time-of-use en el dispositivo ACPI. Un actor malicioso con acceso administrativo a una máquina virtual puede ser capaz de explotar esta vulnerabilidad para bloquear el proceso vmx de la máquina virtual o corromper la pila de la memoria del hipervisor This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVE-2020-3976
https://notcve.org/view.php?id=CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. VMware ESXi y vCenter Server, contienen una vulnerabilidad de denegación de servicio parcial en sus respectivos servicios de autenticación. VMware ha evaluado que la gravedad de este problema se encuentra en el rango de gravedad Moderada con una puntuación base máxima de CVSSv3 de 5.3. • https://www.vmware.com/security/advisories/VMSA-2020-0018.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-3971
https://notcve.org/view.php?id=CVE-2020-3971
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y versiones 6.5 anteriores a ESXi650-201907101-SG), Workstation (versiones 15.x anteriores a 15.0.2) y Fusion (versiones 11.x anteriores a 11.0.2), contiene una vulnerabilidad de desbordamiento de la pila en el adaptador de red virtual vmxnet3. Un actor malicioso con acceso local a una máquina virtual con un adaptador de red vmxnet3 presente puede ser capaz de leer información privilegiada contenida en la memoria física • https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-787: Out-of-bounds Write •
CVE-2020-3965
https://notcve.org/view.php?id=CVE-2020-3965
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5. 2), contiene una filtración de información en el controlador USB XHCI. Un actor malicioso con acceso local a una máquina virtual puede ser capaz de leer información privilegiada contenida en la memoria del hipervisor desde una máquina virtual • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html http://seclists.org/fulldisclosure/2020/Jul/22 https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-125: Out-of-bounds Read •
CVE-2020-3964
https://notcve.org/view.php?id=CVE-2020-3964
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5. 2), contiene una filtración de información en el controlador USB EHCI. Un actor malicioso con acceso local a una máquina virtual puede ser capaz de leer información privilegiada contenida en la memoria del hipervisor. • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html http://seclists.org/fulldisclosure/2020/Jul/22 https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-908: Use of Uninitialized Resource •