VMSA-2020-0012: VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability
23579
07 June 2020
26 May 2020
CLOSED
HIGH
7.1
CVE-2020-3960
1. Impacted Products
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
2. Introduction
An out-of-bounds read vulnerability affecting VMware hypervisors was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.
3. VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability (CVE-2020-3960)
Description
VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors
A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
Resolution
To remediate CVE-2020-3960, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Cfir Cohen of Google Cloud security for reporting this issue to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
ESXi | 7.0 | Any | CVE-2020-3960 | N/A | N/A | Unaffected | N/A | N/A |
ESXi | 6.7 | Any | CVE-2020-3960 | 7.1 | Important | ESXi670-202006401-SG | None | None |
ESXi | 6.5 | Any | CVE-2020-3960 | 7.1 | Important | ESXi650-202005401-SG | None | None |
Workstation | 15.x | Any | CVE-2020-3960 | 7.1 | Important | 15.5.5 | None | None |
Fusion | 11.x | Any | CVE-2020-3960 | 7.1 | Important | 11.5.5 | None | None |
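Because no workaround is listed, a VM's exposure comes down to two facts from this advisory: whether it has a virtual NVMe controller, and whether the hosting product is at the fixed version. The following is an added example, not VMware's code, that triages Workstation and Fusion VMs from their .vmx text. The `nvmeN.present` key and the sample .vmx content are assumptions not taken from this advisory, and ESXi is left out of the version check because the advisory gives patch IDs rather than build numbers.

```python
import re

# Fixed releases from this advisory's Response Matrix (15.x and 11.x lines only).
FIXED = {"workstation": (15, 5, 5), "fusion": (11, 5, 5)}

# Assumption: a .vmx file holds key = "value" lines, and a virtual NVMe
# controller appears as nvmeN.present = "TRUE" (key name is not from the advisory).
_VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
_NVME_KEY = re.compile(r'^(nvme\d+)\.present$', re.IGNORECASE)


def nvme_controllers(vmx_text):
    """Return the sorted names of virtual NVMe controllers enabled in a .vmx."""
    found = set()
    for line in vmx_text.splitlines():
        m = _VMX_LINE.match(line)
        key = m and _NVME_KEY.match(m.group(1))
        if key and m.group(2).strip().upper() == "TRUE":
            found.add(key.group(1).lower())
    return sorted(found)


def is_fixed(product, version):
    """True if a Workstation/Fusion version is at or above the fixed release."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))  # "11.5" is compared as 11.5.0
    return tuple(nums) >= FIXED[product.lower()]


def triage(product, version, vmx_text):
    """Classify one VM as 'patched', 'exposed' or 'no-nvme'."""
    if is_fixed(product, version):
        return "patched"
    return "exposed" if nvme_controllers(vmx_text) else "no-nvme"


# Constructed sample .vmx content, not taken from a real VM.
SAMPLE_VMX = (
    '.encoding = "UTF-8"\n'
    'scsi0.present = "TRUE"\n'
    'nvme0.present = "TRUE"\n'
    'nvme0:0.fileName = "disk.vmdk"\n'
    'nvme1.present = "FALSE"\n'
)

if __name__ == "__main__":
    print(triage("workstation", "15.5.2", SAMPLE_VMX))
```

A 'no-nvme' result only describes the current configuration; the host still needs the fixed version, since a controller can be added to the VM later.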
4. References
ESXi 6.7 Patch ESXi670-202006401-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202006001.html#esxi670-202006401-sg-resolved
ESXi 6.5 Patch ESXi650-202005401-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202005001.html#esxi650-202005401-sg-resolved
VMware Workstation Pro 15.5.5
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Fusion 11.5.5
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3960
FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
5. Change Log
2020-06-09 VMSA-2020-0012
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories:
https://www.vmware.com/security/advisories
VMware Security Response Policy:
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases:
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog:
https://blogs.vmware.com/security
Twitter:
https://twitter.com/VMwareSRC
Copyright 2020 VMware Inc. All rights reserved.