CVE-2020-3981

Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 20/10/2020
Last modified: 21/07/2021

Description

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), and Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in the ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* 3.0 (including) 3.10.1 (excluding)
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* 4.0 (including) 4.1 (excluding)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:* 15.0.0 (including) 15.5.6 (including)
cpe:2.3:o:vmware:esxi:7.0.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0.0:1.20.16321839:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* 11.0 (including) 11.5.6 (excluding)
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*


References to Advisories, Solutions, and Tools