Security News > 2020 > June > Google Researcher Finds Vulnerability in VMware Virtualization Products

Google Researcher Finds Vulnerability in VMware Virtualization Products
2020-06-10 14:25

VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.

The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.

VNMe is a storage access and transport protocol designed for flash and SSDs. Using a NVMe controller with VMware products helps reduce guest I/O processing overhead and improves performance.

VMware also informed customers this week of a high-severity privilege escalation vulnerability affecting Horizon Client for Windows.

In late May, the virtualization giant fixed a privilege escalation vulnerability in Fusion for macOS that was introduced by a patch for a previous flaw.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/5fFv5dMKy68/google-researcher-finds-vulnerability-vmware-virtualization-products

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2020-3960 Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality.
local
low complexity
vmware CWE-125
8.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Vmware 146 11 222 256 102 591