CVE-2020-3963 - Use After Free

Severity

55%

Complexity

18%

Confidentiality

60%

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

First reported 4 years ago

2020-06-25 15:15:00

Last updated 4 years ago

2020-07-17 21:15:00

Affected Software

VMware Cloud Foundation

VMware Fusion

VMWare VMWare

VMware Esxi 6.5

6.5

VMware ESXi 6.5 650-201701001

6.5

VMware ESXi 6.5 650-201703001

6.5

VMware ESXi 6.5 650-201703002

6.5

VMware ESXi 6.5 650-201704001

6.5

VMware ESXi 6.5 650-201707101

6.5

VMware ESXi 6.5 650-201707102

6.5

VMware ESXi 6.5 650-201707103

6.5

VMware ESXi 6.5 650-201707201

6.5

VMware ESXi 6.5 650-201707202

6.5

VMware ESXi 6.5 650-201707203

6.5

VMware ESXi 6.5 650-201707204

6.5

VMware ESXi 6.5 650-201707205

6.5

VMware ESXi 6.5 650-201707206

6.5

VMware ESXi 6.5 650-201707207

6.5

VMware ESXi 6.5 650-201707208

6.5

VMware ESXi 6.5 650-201707209

6.5

VMware ESXi 6.5 650-201707210

6.5

VMware ESXi 6.5 650-201707211

6.5

VMware ESXi 6.5 650-201707212

6.5

VMware ESXi 6.5 650-201707213

6.5

VMware ESXi 6.5 650-201707214

6.5

VMware ESXi 6.5 650-201707215

6.5

VMware ESXi 6.5 650-201707216

6.5

VMware ESXi 6.5 650-201707217

6.5

VMware ESXi 6.5 650-201707218

6.5

VMware ESXi 6.5 650-201707219

6.5

VMware ESXi 6.5 650-201707220

6.5

VMware ESXi 6.5 650-201707221

6.5

VMware ESXi 6.5 650-201710001

6.5

VMware ESXi 6.5 650-201712001

6.5

VMware ESXi 6.5 650-201803001

6.5

VMware ESXi 6.5 650-201806001

6.5

VMware ESXi 6.5 650-201808001

6.5

VMware ESXi 6.5 650-201810001

6.5

VMware ESXi 6.5 650-201810002

6.5

VMware ESXi 6.5 650-201811001

6.5

VMware ESXi 6.5 650-201811002

6.5

VMware ESXi 6.5 650-201811301

6.5

VMware ESXi 6.5 650-201901001

6.5

VMware ESXi 6.5 650-201903001

6.5

VMware ESXi 6.5 650-201905001

6.5

VMware Esxi 6.5 650-201908001

6.5

VMware Esxi 6.5 650-201910001

6.5

VMware Esxi 6.5 650-20191004001

6.5

VMware ESXi 6.5 650-201911001

6.5

VMware ESXi 6.5 650-201911401

6.5

VMware ESXi 6.5 650-201911402

6.5

VMware ESXi 6.5 650-201912001

6.5

VMware ESXi 6.5 650-201912002

6.5

VMware ESXi 6.5 650-201912101

6.5

VMware ESXi 6.5 650-201912102

6.5

VMware ESXi 6.5 650-201912103

6.5

VMware ESXi 6.5 650-201912104

6.5

VMware ESXi 6.5 650-201912301

6.5

VMware ESXi 6.5 650-201912401

6.5

VMware ESXi 6.5 650-201912402

6.5

VMware ESXi 6.5 650-201912403

6.5

VMware ESXi 6.5 650-201912404

6.5

VMware ESXi 6.5 650-202005001

6.5

VMware Esxi 6.7

6.7

VMware ESXi 6.7 670-201806001

6.7

VMware ESXi 6.7 670-201807001

6.7

VMware ESXi 6.7 670-201808001

6.7

VMware ESXi 6.7 670-201810001

6.7

VMware ESXi 6.7 670-201810101

6.7

VMware ESXi 6.7 670-201810102

6.7

VMware ESXi 6.7 670-201810103

6.7

VMware ESXi 6.7 670-201810201

6.7

VMware ESXi 6.7 670-201810202

6.7

VMware ESXi 6.7 670-201810203

6.7

VMware ESXi 6.7 670-201810204

6.7

VMware ESXi 6.7 670-201810205

6.7

VMware ESXi 6.7 670-201810206

6.7

VMware ESXi 6.7 670-201810207

6.7

VMware ESXi 6.7 670-201810208

6.7

VMware ESXi 6.7 670-201810209

6.7

VMware ESXi 6.7 670-201810210

6.7

VMware ESXi 6.7 670-201810211

6.7

VMware ESXi 6.7 670-201810212

6.7

VMware ESXi 6.7 670-201810213

6.7

VMware ESXi 6.7 670-201810214

6.7

VMware ESXi 6.7 670-201810215

6.7

VMware ESXi 6.7 670-201810216

6.7

VMware ESXi 6.7 670-201810217

6.7

VMware ESXi 6.7 670-201810218

6.7

VMware ESXi 6.7 670-201810219

6.7

VMware ESXi 6.7 670-201810220

6.7

VMware ESXi 6.7 670-201810221

6.7

VMware ESXi 6.7 670-201810222

6.7

VMware ESXi 6.7 670-201810223

6.7

VMware ESXi 6.7 670-201810224

6.7

VMware ESXi 6.7 670-201810225

6.7

VMware ESXi 6.7 670-201810226

6.7

VMware ESXi 6.7 670-201810227

6.7

VMware ESXi 6.7 670-201810228

6.7

VMware ESXi 6.7 670-201810229

6.7

VMware ESXi 6.7 670-201810230

6.7

VMware ESXi 6.7 670-201810231

6.7

VMware ESXi 6.7 670-201810232

6.7

VMware ESXi 6.7 670-201810233

6.7

VMware ESXi 6.7 670-201810234

6.7

VMware ESXi 6.7 670-201811001

6.7

VMware ESXi 6.7 670-201901001

6.7

VMware ESXi 6.7 670-201901401

6.7

VMware ESXi 6.7 670-201901402

6.7

VMware ESXi 6.7 670-201901403

6.7

VMware Esxi 6.7 670-201903001

6.7

VMware Esxi 6.7 670-201904001

6.7

VMware ESXi 6.7 670-201904201

6.7

VMware ESXi 6.7 670-201904202

6.7

VMware ESXi 6.7 670-201904203

6.7

VMware ESXi 6.7 670-201904204

6.7

VMware ESXi 6.7 670-201904205

6.7

VMware ESXi 6.7 670-201904206

6.7

VMware ESXi 6.7 670-201904207

6.7

VMware ESXi 6.7 670-201904208

6.7

VMware ESXi 6.7 670-201904209

6.7

VMware ESXi 6.7 670-201904210

6.7

VMware ESXi 6.7 670-201904211

6.7

VMware ESXi 6.7 670-201904212

6.7

VMware ESXi 6.7 670-201904213

6.7

VMware ESXi 6.7 670-201904214

6.7

VMware ESXi 6.7 670-201904215

6.7

VMware ESXi 6.7 670-201904216

6.7

VMware ESXi 6.7 670-201904217

6.7

VMware ESXi 6.7 670-201904218

6.7

VMware ESXi 6.7 670-201904219

6.7

VMware ESXi 6.7 670-201904220

6.7

VMware ESXi 6.7 670-201904221

6.7

VMware ESXi 6.7 670-201904222

6.7

VMware ESXi 6.7 670-201904223

6.7

VMware ESXi 6.7 670-201904224

6.7

VMware ESXi 6.7 670-201904225

6.7

VMware ESXi 6.7 670-201904226

6.7

VMware ESXi 6.7 670-201904227

6.7

VMware ESXi 6.7 670-201904228

6.7

VMware ESXi 6.7 670-201904229

6.7

VMware Esxi 6.7 670-201905001

6.7

VMware Esxi 6.7 670-201906002

6.7

VMware Esxi 6.7 670-201908101

6.7

VMware Esxi 6.7 670-201908102

6.7

VMware Esxi 6.7 670-201908103

6.7

VMware Esxi 6.7 670-201908104

6.7

VMware Esxi 6.7 670-201908201

6.7

VMware Esxi 6.7 670-201908202

6.7

VMware Esxi 6.7 670-201908203

6.7

VMware Esxi 6.7 670-201908204

6.7

VMware Esxi 6.7 670-201908205

6.7

VMware Esxi 6.7 670-201908206

6.7

VMware Esxi 6.7 670-201908207

6.7

VMware Esxi 6.7 670-201908208

6.7

VMware Esxi 6.7 670-201908209

6.7

VMware Esxi 6.7 670-201908210

6.7

VMware Esxi 6.7 670-201908211

6.7

VMware Esxi 6.7 670-201908212

6.7

VMware Esxi 6.7 670-201908213

6.7

VMware Esxi 6.7 670-201908214

6.7

VMware Esxi 6.7 670-201908215

6.7

VMware Esxi 6.7 670-201908216

6.7

VMware Esxi 6.7 670-201908217

6.7

VMware Esxi 6.7 670-201908218

6.7

VMware Esxi 6.7 670-201908219

6.7

VMware Esxi 6.7 670-201908220

6.7

VMware Esxi 6.7 670-201908221

6.7

VMware ESXi 6.7 670-201912001

6.7

VMware ESXi 6.7 670-201912101

6.7

VMware ESXi 6.7 670-201912102

6.7

VMware ESXi 6.7 670-201912401

6.7

VMware ESXi 6.7 670-201912402

6.7

VMware ESXi 6.7 670-201912403

6.7

VMware ESXi 6.7 670-201912404

6.7

VMware ESXi 6.7 670-201912405

6.7

VMware ESXi 6.7 670-202004001

6.7

VMware ESXi 6.7 670-202004002

6.7

VMware ESXi 6.7 670-202004301

6.7

VMware ESXi 6.7 670-202004401

6.7

VMware ESXi 6.7 670-202004402

6.7

VMware ESXi 6.7 670-202004403

6.7

VMware ESXi 6.7 670-202004404

6.7

VMware ESXi 6.7 670-202004405

6.7

VMware ESXi 6.7 670-202004406

6.7

VMware ESXi 6.7 670-202004407

6.7

VMware ESXi 6.7 670-202004408

6.7

References

https://www.vmware.com/security/advisories/VMSA-2020-0015.html

https://www.vmware.com/security/advisories/VMSA-2020-0015.html

Vendor Advisory

http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html

20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.