AUSCERT External Security Bulletin Redistribution
VMSA-2020-0012 - VMware ESXi, Workstation and Fusion updates
address out-of-bounds read vulnerability
10 June 2020
AusCERT Security Bulletin Summary
Product: VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Access Confidential Data -- Existing Account
CVE Names: CVE-2020-3960
- --------------------------BEGIN INCLUDED TEXT--------------------
Advisory ID: VMSA-2020-0012
CVSSv3 Range: 7.1
Issue Date: 2020-06-09
Updated On: 2020-06-09 (Initial Advisory)
Synopsis: VMware ESXi, Workstation and Fusion updates address out-of-bounds
read vulnerability (CVE-2020-3960)
1. Impacted Products
o VMware vSphere ESXi (ESXi)
o VMware Workstation Pro / Player (Workstation)
o VMware Fusion Pro / Fusion (Fusion)
2. Introduction
An out-of-bounds read vulnerability affecting VMware hypervisors was privately
reported to VMware. Updates are available to address this vulnerability in
affected VMware products.
3. VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability
VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability
in NVMe functionality. VMware has evaluated the severity of this issue to be in
the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors
A malicious actor with local non-administrative access to a virtual machine may
be able to read privileged information contained in memory.
To remediate CVE-2020-3960 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' below.
VMware would like to thank Cfir Cohen of Google Cloud security for reporting
this issue to us.
Response Matrix:
Product      Version  Running On  CVE Identifier  CVSSv3  Severity   Fixed Version         Workarounds  Additional Documentation
ESXi         7.0      Any         CVE-2020-3960   N/A     N/A        Unaffected            N/A          N/A
ESXi         6.7      Any         CVE-2020-3960   7.1     Important  ESXi670-202006401-SG  None         None
ESXi         6.5      Any         CVE-2020-3960   7.1     Important  ESXi650-202005401-SG  None         None
Workstation  15.x     Any         CVE-2020-3960   7.1     Important  15.5.5                None         None
Fusion       11.x     Any         CVE-2020-3960   7.1     Important  11.5.5                None         None
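As an added example that is not part of the VMware or AusCERT text, the following Python script encodes the Response Matrix above and assesses a constructed host inventory against it, so an administrator can see which hosts still need the listed fix. Host names, the inventory and the assumption that an ESXi host reports the patch bulletin IDs it has applied are ours, not the advisory's.

```python
"""Triage a host inventory against the VMSA-2020-0012 Response Matrix (CVE-2020-3960)."""
from dataclasses import dataclass, field

# 'Fixed Version' column of the advisory, keyed by product and version branch.
# ESXi 7.0 is listed as Unaffected; ESXi fixes are patch bulletin IDs, not version numbers.
FIXED = {
    ("ESXi", "7.0"): None,
    ("ESXi", "6.7"): "ESXi670-202006401-SG",
    ("ESXi", "6.5"): "ESXi650-202005401-SG",
    ("Workstation", "15"): "15.5.5",   # 15.x branch
    ("Fusion", "11"): "11.5.5",        # 11.x branch
}

@dataclass
class Host:
    name: str
    product: str            # "ESXi", "Workstation" or "Fusion"
    version: str            # e.g. "6.7" or "15.5.2"
    bulletins: set = field(default_factory=set)  # assumption: applied ESXi patch bulletin IDs

def _ver(s: str) -> tuple:
    return tuple(int(p) for p in s.split("."))

def assess(host: Host) -> str:
    parts = host.version.split(".")
    # ESXi rows are keyed on major.minor, desktop products on the major branch (15.x, 11.x).
    key = (host.product, ".".join(parts[:2]) if host.product == "ESXi" else parts[0])
    if key not in FIXED:
        return "not in matrix"
    fix = FIXED[key]
    if fix is None:
        return "unaffected"
    # ESXi: the fixing bulletin must be applied; Workstation/Fusion: version >= fixed version.
    patched = fix in host.bulletins if host.product == "ESXi" else _ver(host.version) >= _ver(fix)
    return "fixed" if patched else f"vulnerable: apply {fix}"

def triage(hosts) -> dict:
    return {h.name: assess(h) for h in hosts}

# Constructed inventory for demonstration (not from the advisory).
INVENTORY = [
    Host("esx01", "ESXi", "7.0"),
    Host("esx02", "ESXi", "6.7", {"<earlier-bulletin-placeholder>"}),
    Host("esx03", "ESXi", "6.5", {"ESXi650-202005401-SG"}),
    Host("ws-dev", "Workstation", "15.5.2"),
    Host("mac-01", "Fusion", "11.5.5"),
    Host("esx-old", "ESXi", "6.0"),
]

if __name__ == "__main__":
    for name, verdict in triage(INVENTORY).items():
        print(f"{name:8} {verdict}")
```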
4. References
ESXi 6.7 Patch ESXi670-202006401-SG
ESXi 6.5 Patch ESXi650-202005401-SG
VMware Workstation Pro 15.5.5
VMware Fusion 11.5.5
Mitre CVE Dictionary Links:
FIRST CVSSv3 Calculator:
5. Change Log
Initial security advisory.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to email@example.com
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.