Vulnerability Details CVE-2020-3982
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.1%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.9
References
Products affected by CVE-2020-3982
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10
-
cpe:2.3:a:vmware:cloud_foundation:3.5
-
cpe:2.3:a:vmware:cloud_foundation:3.5.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7
-
cpe:2.3:a:vmware:cloud_foundation:3.7.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7.2
-
cpe:2.3:a:vmware:cloud_foundation:3.8
-
cpe:2.3:a:vmware:cloud_foundation:3.8.1
-
cpe:2.3:a:vmware:cloud_foundation:3.9
-
cpe:2.3:a:vmware:cloud_foundation:3.9.1
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:fusion:11.0
-
cpe:2.3:a:vmware:fusion:11.0.0
-
cpe:2.3:a:vmware:fusion:11.0.1
-
cpe:2.3:a:vmware:fusion:11.0.2
-
cpe:2.3:a:vmware:fusion:11.0.3
-
cpe:2.3:a:vmware:fusion:11.1.0
-
cpe:2.3:a:vmware:fusion:11.1.1
-
cpe:2.3:a:vmware:fusion:11.5.0
-
cpe:2.3:a:vmware:fusion:11.5.1
-
cpe:2.3:a:vmware:fusion:11.5.2
-
cpe:2.3:a:vmware:fusion:11.5.3
-
cpe:2.3:a:vmware:fusion:11.5.5
-
cpe:2.3:a:vmware:workstation:15.0.0
-
cpe:2.3:a:vmware:workstation:15.0.1
-
cpe:2.3:a:vmware:workstation:15.0.2
-
cpe:2.3:a:vmware:workstation:15.0.3
-
cpe:2.3:a:vmware:workstation:15.0.4
-
cpe:2.3:a:vmware:workstation:15.1.0
-
cpe:2.3:a:vmware:workstation:15.5.0
-
cpe:2.3:a:vmware:workstation:15.5.1
-
cpe:2.3:a:vmware:workstation:15.5.2
-
cpe:2.3:a:vmware:workstation:15.5.5
-
cpe:2.3:a:vmware:workstation:15.5.6
-
cpe:2.3:a:vmware:workstation_player:15.0.0
-
cpe:2.3:a:vmware:workstation_player:15.0.1
-
cpe:2.3:a:vmware:workstation_player:15.0.2
-
cpe:2.3:a:vmware:workstation_player:15.0.3
-
cpe:2.3:a:vmware:workstation_player:15.0.4
-
cpe:2.3:a:vmware:workstation_player:15.1.0
-
cpe:2.3:a:vmware:workstation_player:15.5.0
-
cpe:2.3:a:vmware:workstation_player:15.5.1
-
cpe:2.3:a:vmware:workstation_player:15.5.2
-
cpe:2.3:a:vmware:workstation_player:15.5.5
-
cpe:2.3:a:vmware:workstation_player:15.5.6
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:vmware:esxi:6.5
-
cpe:2.3:o:vmware:esxi:6.7
-
cpe:2.3:o:vmware:esxi:7.0.0