CVE-2020-3969 – VMware Workstation SVGA3D Command Heap Overflow Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2020-3969

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de desbordamiento de pila por un paso en el dispositivo SVGA. Un actor malicioso con acceso local a una máquina virtual con gráficos 3D habilitados puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-786 • CWE-193: Off-by-one Error •