CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
vmwarecloud_foundation
3.0 ≤
𝑥
< 3.7.2
vmwarefusion
11.0.0 ≤
𝑥
< 11.0.2
vmwareworkstation
15.0.0 ≤
𝑥
< 15.0.2
vmwareesxi
6.5
vmwareesxi
6.5:650-201701001
vmwareesxi
6.5:650-201703001
vmwareesxi
6.5:650-201703002
vmwareesxi
6.5:650-201704001
vmwareesxi
6.5:650-201707101
vmwareesxi
6.5:650-201707102
vmwareesxi
6.5:650-201707103
vmwareesxi
6.5:650-201707201
vmwareesxi
6.5:650-201707202
vmwareesxi
6.5:650-201707203
vmwareesxi
6.5:650-201707204
vmwareesxi
6.5:650-201707205
vmwareesxi
6.5:650-201707206
vmwareesxi
6.5:650-201707207
vmwareesxi
6.5:650-201707208
vmwareesxi
6.5:650-201707209
vmwareesxi
6.5:650-201707210
vmwareesxi
6.5:650-201707211
vmwareesxi
6.5:650-201707212
vmwareesxi
6.5:650-201707213
vmwareesxi
6.5:650-201707214
vmwareesxi
6.5:650-201707215
vmwareesxi
6.5:650-201707216
vmwareesxi
6.5:650-201707217
vmwareesxi
6.5:650-201707218
vmwareesxi
6.5:650-201707219
vmwareesxi
6.5:650-201707220
vmwareesxi
6.5:650-201707221
vmwareesxi
6.5:650-201710001
vmwareesxi
6.5:650-201712001
vmwareesxi
6.5:650-201803001
vmwareesxi
6.5:650-201806001
vmwareesxi
6.5:650-201808001
vmwareesxi
6.5:650-201810001
vmwareesxi
6.5:650-201810002
vmwareesxi
6.5:650-201811001
vmwareesxi
6.5:650-201811002
vmwareesxi
6.5:650-201811301
vmwareesxi
6.5:650-201901001
vmwareesxi
6.5:650-201903001
vmwareesxi
6.5:650-201905001
vmwareesxi
6.7
vmwareesxi
6.7:670-201806001
vmwareesxi
6.7:670-201807001
vmwareesxi
6.7:670-201808001
vmwareesxi
6.7:670-201810001
vmwareesxi
6.7:670-201810101
vmwareesxi
6.7:670-201810102
vmwareesxi
6.7:670-201810103
vmwareesxi
6.7:670-201810201
vmwareesxi
6.7:670-201810202
vmwareesxi
6.7:670-201810203
vmwareesxi
6.7:670-201810204
vmwareesxi
6.7:670-201810205
vmwareesxi
6.7:670-201810206
vmwareesxi
6.7:670-201810207
vmwareesxi
6.7:670-201810208
vmwareesxi
6.7:670-201810209
vmwareesxi
6.7:670-201810210
vmwareesxi
6.7:670-201810211
vmwareesxi
6.7:670-201810212
vmwareesxi
6.7:670-201810213
vmwareesxi
6.7:670-201810214
vmwareesxi
6.7:670-201810215
vmwareesxi
6.7:670-201810216
vmwareesxi
6.7:670-201810217
vmwareesxi
6.7:670-201810218
vmwareesxi
6.7:670-201810219
vmwareesxi
6.7:670-201810220
vmwareesxi
6.7:670-201810221
vmwareesxi
6.7:670-201810222
vmwareesxi
6.7:670-201810223
vmwareesxi
6.7:670-201810224
vmwareesxi
6.7:670-201810225
vmwareesxi
6.7:670-201810226
vmwareesxi
6.7:670-201810227
vmwareesxi
6.7:670-201810228
vmwareesxi
6.7:670-201810229
vmwareesxi
6.7:670-201810230
vmwareesxi
6.7:670-201810231
vmwareesxi
6.7:670-201810232
vmwareesxi
6.7:670-201810233
vmwareesxi
6.7:670-201810234
vmwareesxi
6.7:670-201811001
vmwareesxi
6.7:670-201901001
vmwareesxi
6.7:670-201901401
vmwareesxi
6.7:670-201901402
vmwareesxi
6.7:670-201901403
vmwareesxi
6.7:670-201903001
vmwareesxi
6.7:670-201904001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://www.vmware.com/security/advisories/VMSA-2020-0015.html