CVE-2020-3970 vulnerability in VMware Products
Published on June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
Products Associated with CVE-2020-3970
Want to know whenever a new CVE is published for VMware products? stack.watch will email you.
Affected Versions
VMware ESXi:- Version 7.0 before ESXi_7.0.0-1.20.16321839 is affected.
- Version 6.7 before ESXi670-202004101-SG is affected.
- Version 6.5 before ESXi650-202005401-SG is affected.
- Version 15.x before 15.5.5 is affected.
- Version 11.x before 11.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.