VMware patches multiple vulnerabilities in ESXi, Workstation, Fusion, VMRC and Horizon Client

Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client

VMware issued a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, Fusion, VMRC and Horizon Client products.

An attacker could exploit one of these vulnerabilities and take control of an unpatched system.

The three VMware updates address the following vulnerabilities: CVE-2020-3957, CVE-2020-3958 and CVE-2020-3959.

CVE-2020-3957: Service opener – Time-of-check Time-of-use (TOCTOU) issue

VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability CVE-2020-3957 caused by a Time-of-check Time-of-use (TOCTOU) issue in the service opener.

“Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system,” VMware stated in the advisory.

The vulnerability has a CVSSv3 base score of 7.3 and is High severity.

CVE-2020-3958: DoS vulnerability in Shader functionality

The second patch addresses a denial-of-service (DoS) vulnerability CVE-2020-3958 in the shader functionality of VMware ESXi, Workstation and Fusion.

“Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine’s vmx process leading to a denial of service condition,” VMware warned.

In addition, a bad actor would require access to a virtual machine with 3D graphics enabled in order to exploit this vulnerability. Although 3D graphics is not enabled by default on ESXi, it is enabled by default on Workstation and Fusion.

VMware has rated this issue as Moderate.

CVE-2020-3959: Memory leak vulnerability in VMCI module

The third patch addresses a memory leak vulnerability CVE-2020-3959 in the VMCI module of VMware ESXi, Workstation and Fusion.

“A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine’s vmx process leading to a partial denial of service,” VMware stated.

VMware has rated this issue as Low severity.

Related Articles