VMware Fixed Multiple Vulnerabilities In Workstation, Fusion, and Others

VMware has recently patched multiple vulnerabilities affecting Workstation, Fusion, and more. These vulnerabilities also included some critical severity bugs.

Reportedly, VMware has addressed a critical security bug affecting its products.

As elaborated in their advisory, the vulnerability (CVE-2020-3962) existed in the VMware Workstation (Pro/Player), ESXi, Fusion (Pro/Fusion), and VMware Cloud Foundation. This critical flaw attained a CVSS score of 9.3.

Describing this use after free bug, the advisory reads,

Detailing the response matrix, VMware also mentioned two more vulnerabilities. One of these includes a high-severity off-by-one heap-overflow flaw (CVE-2020-3969) that achieved a CVSS score of 8.1. Whereas, the other included a medium severity Out-of-bound read vulnerability in Shader Functionality (CVE-2020-3970).

Apart from the above three, VMware also patched six high-severity vulnerabilities affecting its products. Three of these, CVE-2020-3967, CVE-2020-3968, and CVE-2020-3966, achieved a CVSS score of 8.1. Whereas, the other three, CVE-2020-3965, CVE-2020-3964, and CVE-2020-3963 achieved a CVSS score of 7.1.

Moreover, they also addressed a single medium severity flaw (CVE-2020-3971) with a 5.9 CVSS score.

Hence, in all, the vendors have released fixes for 10 different security vulnerabilities.

You Might Also Like