VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Vmware
  • Cloud Foundation
  • Esxi
  • Fusion
  • Workstation

Configuration 1 [-]

OR cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-20191004001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201911001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201911401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201911402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912104:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912301:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-201912404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:650-202005001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201905001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201906002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908104:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908213:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908214:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908215:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908216:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908217:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908218:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908219:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908220:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201908221:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-201912405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-202004001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.7:670-202004002:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:7.0.0:-:*:*:*:*:*:*

No data.

References
Link Providers
https://www.vmware.com/security/advisories/VMSA-2020-0015.html cve-icon cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-20-783/ cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2020-06-25T14:45:34

Updated: 2024-08-04T07:52:20.417Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-3966

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-06-25T15:15:11.257

Modified: 2020-07-01T17:57:58.813

Link: CVE-2020-3966

cve-icon Redhat

No data.