VMware has recently patched multiple vulnerabilities affecting Workstation, Fusion, and other products. The fixes include some critical-severity bugs.
Reportedly, VMware has addressed a critical security bug affecting its products.
As detailed in the company's advisory, the vulnerability (CVE-2020-3962) affects VMware Workstation (Pro/Player), ESXi, Fusion (Pro/Fusion), and VMware Cloud Foundation. This critical flaw has a CVSS score of 9.3.
Describing this use-after-free bug, the advisory reads,
In the response matrix, VMware also listed two more vulnerabilities. One is a high-severity off-by-one heap-overflow flaw (CVE-2020-3969) with a CVSS score of 8.1. The other is a medium-severity out-of-bounds read vulnerability in the shader functionality (CVE-2020-3970).
Apart from the above three, VMware also patched six high-severity vulnerabilities affecting its products. Three of these, CVE-2020-3967, CVE-2020-3968, and CVE-2020-3966, have a CVSS score of 8.1. The other three, CVE-2020-3965, CVE-2020-3964, and CVE-2020-3963, have a CVSS score of 7.1.
VMware also addressed a single medium-severity flaw (CVE-2020-3971) with a CVSS score of 5.9.
In all, the vendor has released fixes for 10 different security vulnerabilities.