Security News > 2020 > June > Google Researcher Finds Vulnerability in VMware Virtualization Products
VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.
The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.
VNMe is a storage access and transport protocol designed for flash and SSDs. Using a NVMe controller with VMware products helps reduce guest I/O processing overhead and improves performance.
VMware also informed customers this week of a high-severity privilege escalation vulnerability affecting Horizon Client for Windows.
In late May, the virtualization giant fixed a privilege escalation vulnerability in Fusion for macOS that was introduced by a patch for a previous flaw.
News URL
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2020-3960 | Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. | 3.6 |