CVE-2020-3968 vulnerability in VMware Products
Published on June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Products Associated with CVE-2020-3968
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-3968 are published in these products:
Affected Versions
VMware ESXi:- Version 7.0 before ESXi_7.0.0-1.20.16321839 is affected.
- Version 6.7 before ESXi670-202004101-SG is affected.
- Version 6.5 before ESXi650-202005401-SG is affected.
- Version 15.x before 15.5.5 is affected.
- Version 11.x before 11.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.