VMware ESXi

VMware ESXi is a type-1 bare metal hypervisor.

Known Exploited VMware ESXi Vulnerabilities

The following VMware ESXi vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

VMware ESXi Arbitrary Write Vulnerability
CVE-2025-22225 - Exploit Probability: 6.0% - Added March 4, 2025

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

VMware ESXi Authentication Bypass Vulnerability
CVE-2024-37085 - Exploit Probability: 72.5% - Added July 30, 2024

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

OpenSLP as used in VMware ESXi
CVE-2020-3992 - Exploit Probability: 82.7% - Added November 3, 2021

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

The vulnerability CVE-2020-3992: OpenSLP as used in VMware ESXi is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2024-37085: VMware ESXi Authentication Bypass Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

VMware ESXi EOL Dates

Ensure that you are using a supported version of VMware ESXi. Here are the end-of-life and end-of-support dates for VMware ESXi.

Release EOL Date Status
9.0 - Active
8.0 October 11, 2027 Active
7.0 October 2, 2025 EOL
6.7 October 15, 2022 EOL
6.5 October 15, 2022 EOL
6.0 March 12, 2020 EOL
5.5 September 19, 2018 EOL
5.1 August 24, 2016 EOL
5.0 August 24, 2016 EOL

By the Year

In 2026 there has been 1 vulnerability in VMware ESXi, with an average score of 3.3 out of ten. Last year, in 2025, ESXi had 7 security vulnerabilities published. Right now, ESXi is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 4.70.

Year Vulnerabilities Average Score
2026 1 3.30
2025 7 8.00
2024 8 7.43
2023 2 5.70
2022 15 6.69
2021 3 8.70
2020 21 6.60
2019 11 7.14
2018 9 0.00

It may take a day or so for new ESXi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent VMware ESXi Security Vulnerabilities

ESXi Intel 800-Series Driver Info Disclosure (v<2.2.2.0 & 2.2.3.0)
CVE-2025-25058 3.3 - Low - February 10, 2026

Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Improper Initialization

VMware ESXi Guest Operation Denial-of-Service via VMware Tools
CVE-2025-41226 - May 20, 2025

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.

VMware ESXi Guest VM Controlled Buffer Memory Corruption
CVE-2025-21460 7.8 - High - May 06, 2025

Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

Improper Input Validation

VMware ESXi/Workstation/Fusion: OOB Read in HGFS Enables VM Memory Disclosure
CVE-2025-22226 7.1 - High - March 04, 2025

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Out-of-bounds Read

VMware ESXi Arbitrary Write Escape via VMX Kernel Write
CVE-2025-22225 8.2 - High - March 04, 2025

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Write-what-where Condition

VMware ESXi TOCTOU OOB Write Allows VM Admin Code Exec as VMX
CVE-2025-22224 9.3 - Critical - March 04, 2025

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

TOCTTOU

Memory Corruption in VMware ESXi Hypervisor via Guest-Controlled Buffer
CVE-2024-53031 7.8 - High - March 03, 2025

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

Memory Corruption

VMware ESXi Virtual Input Config Memory Corruption
CVE-2024-38420 7.8 - High - February 03, 2025

Memory corruption while configuring a Hypervisor based input virtual device.

Memory Corruption

VMware ESXi Auth Bypass via Recreating AD Group
CVE-2024-37085 6.8 - Medium - June 25, 2024

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Authentication Bypass by Primary Weakness

VMware ESXi OOB Read Enables Local Admin DoS
CVE-2024-37086 - June 25, 2024

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.

Out-of-Bounds Read/Write in VMware ESXi/Workstation/Fusion Storage Controllers
CVE-2024-22273 7.8 - High - May 21, 2024

The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

Out-of-bounds Read

VMware ESXi Memory Corruption via Unsynced Signed VM Image
CVE-2023-33119 8.4 - High - May 06, 2024

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

TOCTTOU

VMware ESXi/Workstation/Fusion XHCI USB UAF Exposes VMX Host Code
CVE-2024-22252 6.7 - Medium - March 05, 2024

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Dangling pointer

VMware ESXi OOB Write Enables VMX Sandbox Escape
CVE-2024-22254 8.2 - High - March 05, 2024

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

VMware ESXi/WS Fusion UHCI USB Use-After-Free, VM Escape
CVE-2024-22253 6.7 - Medium - March 05, 2024

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

VMware ESXi/Workstation/Fusion: UHCI USB Info Disclosure
CVE-2024-22255 - March 05, 2024

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.  

VMware ESXi: Compromised Host Forces VMware Tools Auth Failure
CVE-2023-20867 3.9 - Low - June 13, 2023

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Authentication

CVE-2023-29552: Unauth Remote DoS via SLP Service Registration Spoofing
CVE-2023-29552 7.5 - High - April 25, 2023

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

VMware ESXi/WS/Fusion EHCI heap OOB write (CVE-2022-31705)
CVE-2022-31705 8.2 - High - December 14, 2022

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Memory Corruption

Memory Corruption in VMware ESXi Socket Handling Enables Local Esc.
CVE-2022-31696 8.8 - High - December 13, 2022

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

Memory Corruption

VMware ESXi Heap-Overflow in Sandbox Process Causes Partial Info Disclosure
CVE-2022-31699 3.3 - Low - December 13, 2022

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Memory Corruption

VMware ESXi Null-Pointer Deref: VMX Privilege => Host DoS
CVE-2022-31681 6.5 - Medium - October 07, 2022

VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

NULL Pointer Dereference

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-23825 6.5 - Medium - July 14, 2022

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Exposure of Resource to Wrong Sphere

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant
CVE-2022-29901 6.5 - Medium - July 12, 2022

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Exposure of Resource to Wrong Sphere

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may
CVE-2022-21166 5.5 - Medium - June 15, 2022

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may
CVE-2022-21123 5.5 - Medium - June 15, 2022

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may
CVE-2022-21125 5.5 - Medium - June 15, 2022

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets
CVE-2021-22042 7.8 - High - February 16, 2022

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

AuthZ

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy
CVE-2021-22050 7.5 - High - February 16, 2022

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

Allocation of Resources Without Limits or Throttling

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2021-22040 6.7 - Medium - February 16, 2022

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Dangling pointer

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller
CVE-2021-22041 6.7 - Medium - February 16, 2022

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled
CVE-2021-22043 7.5 - High - February 16, 2022

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

TOCTTOU

VMware ESXi (7.0
CVE-2021-22045 7.8 - High - January 04, 2022

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Memory Corruption

OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue
CVE-2021-21995 7.5 - High - July 13, 2021

OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Out-of-bounds Read

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability
CVE-2021-21994 9.8 - Critical - July 13, 2021

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Authentication

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551
CVE-2021-21974 8.8 - High - February 24, 2021

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

Memory Corruption

VMware ESXi (7.0 prior to ESXi70U1c-17325551)
CVE-2020-3999 6.5 - Medium - December 21, 2020

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Improper Input Validation

VMware ESXi (7.0 before ESXi70U1b-17168206
CVE-2020-4004 8.2 - High - November 20, 2020

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Dangling pointer

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability
CVE-2020-4005 7.8 - High - November 20, 2020

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).

Improper Privilege Management

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3981 5.8 - Medium - October 20, 2020

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

TOCTTOU

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3982 7.7 - High - October 20, 2020

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.

Memory Corruption

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3992 9.8 - Critical - October 20, 2020

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Dangling pointer

In VMware ESXi (6.7 before ESXi670-201908101-SG
CVE-2020-3995 5.3 - Medium - October 20, 2020

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

Memory Leak

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services
CVE-2020-3976 5.3 - Medium - August 21, 2020

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Resource Exhaustion

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3970 3.8 - Low - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.

Out-of-bounds Read

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3964 4.7 - Medium - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

Use of Uninitialized Resource

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3968 8.2 - High - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

Memory Corruption

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3967 7.5 - High - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

Memory Corruption

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3966 7.5 - High - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

Race Condition

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3965 5.5 - Medium - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Out-of-bounds Read
