Important

VMSA-2020-0012
7.1
2020-06-09
2020-06-09 (Initial Advisory)
CVE-2020-3960
VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability (CVE-2020-3960)

Share this page on social media

Sign up for Security Advisories

1. Impacted Products
  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
2. Introduction

An out-of-bounds read vulnerability affecting VMware hypervisors was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

3. VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability (CVE-2020-3960)

Description

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.

Resolution

To remediate CVE-2020-3960 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Cfir Cohen of Google Cloud security for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
ESXi
7.0
Any
CVE-2020-3960
N/A
N/A
Unaffected
N/A
N/A
ESXi
6.7
Any
CVE-2020-3960
None
None
ESXi
6.5
Any
CVE-2020-3960
None
None
Workstation
15.x
Any
CVE-2020-3960
None
None
Fusion
11.x
Any
CVE-2020-3960
None
None
4. References
5. Change Log

2020-06-09 VMSA-2020-0012
Initial security advisory.   

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com

 

E-mail:
security@vmware.com

 

PGP key at:
https://kb.vmware.com/kb/1055

 

VMware Security Advisories:
https://www.vmware.com/security/advisories

 

VMware Security Response Policy:
https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases:
https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog:
https://blogs.vmware.com/security

 

Twitter:
https://twitter.com/VMwareSRC

 

Copyright 2020 VMware Inc. All rights reserved.