Vulnerability Details CVE-2020-3970
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.7%
CVSS Severity
CVSS v3 Score 3.8
CVSS v2 Score 1.9
References
Products affected by CVE-2020-3970
-
cpe:2.3:a:vmware:cloud_foundation:*
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.5
-
cpe:2.3:a:vmware:cloud_foundation:3.5.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7
-
cpe:2.3:a:vmware:cloud_foundation:3.7.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7.2
-
cpe:2.3:a:vmware:cloud_foundation:3.8
-
cpe:2.3:a:vmware:cloud_foundation:3.8.1
-
cpe:2.3:a:vmware:cloud_foundation:3.9
-
cpe:2.3:a:vmware:cloud_foundation:3.9.1
-
cpe:2.3:a:vmware:fusion:11.0.0
-
cpe:2.3:a:vmware:fusion:11.0.1
-
cpe:2.3:a:vmware:fusion:11.0.2
-
cpe:2.3:a:vmware:fusion:11.0.3
-
cpe:2.3:a:vmware:fusion:11.1.0
-
cpe:2.3:a:vmware:fusion:11.1.1
-
cpe:2.3:a:vmware:fusion:11.5.0
-
cpe:2.3:a:vmware:fusion:11.5.1
-
cpe:2.3:a:vmware:fusion:11.5.2
-
cpe:2.3:a:vmware:fusion:11.5.3
-
cpe:2.3:a:vmware:workstation:15.0.0
-
cpe:2.3:a:vmware:workstation:15.0.1
-
cpe:2.3:a:vmware:workstation:15.0.2
-
cpe:2.3:a:vmware:workstation:15.0.3
-
cpe:2.3:a:vmware:workstation:15.0.4
-
cpe:2.3:a:vmware:workstation:15.1.0
-
cpe:2.3:a:vmware:workstation:15.5.0
-
cpe:2.3:a:vmware:workstation:15.5.1
-
cpe:2.3:a:vmware:workstation:15.5.2
-
cpe:2.3:o:vmware:esxi:6.5
-
cpe:2.3:o:vmware:esxi:6.7
-
cpe:2.3:o:vmware:esxi:7.0.0