Published: 24/06/2020 Updated: 01/07/2020

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x prior to 15.5.5), and Fusion (11.x prior to 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware cloud foundation
vmware fusion
vmware workstation
vmware esxi 6.5
vmware esxi 6.7
vmware esxi 7.0.0

CWE-416 https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-785/https://nvd.nist.gov https://www.vmware.com/security/advisories/VMSA-2020-0015.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-3962

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect