CVE-2020-3970 - Out-of-bounds Read

Severity

38%

Complexity

20%

Confidentiality

23%

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.

CVSS 3.1 Base Score 3.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L).

CVSS 2.0 Base Score 1.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).

Demo Examples

Out-of-bounds Read

CWE-125

In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method


               
}

                     
return value;// check that the array index is less than the maximum// length of the array

                           
value = array[index];// get the value at the specified index of the array
// if array index is invalid then output error message// and return value indicating error
value = -1;

However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below.


               
...// check that the array index is within the correct// range of values for the array

Overview

First reported 4 years ago

2020-06-25 15:15:00

Last updated 4 years ago

2020-07-01 17:45:00

Affected Software

VMware Cloud Foundation

VMware Fusion

VMWare VMWare

VMware Esxi 6.5

6.5

VMware ESXi 6.5 650-201701001

6.5

VMware ESXi 6.5 650-201703001

6.5

VMware ESXi 6.5 650-201703002

6.5

VMware ESXi 6.5 650-201704001

6.5

VMware ESXi 6.5 650-201707101

6.5

VMware ESXi 6.5 650-201707102

6.5

VMware ESXi 6.5 650-201707103

6.5

VMware ESXi 6.5 650-201707201

6.5

VMware ESXi 6.5 650-201707202

6.5

VMware ESXi 6.5 650-201707203

6.5

VMware ESXi 6.5 650-201707204

6.5

VMware ESXi 6.5 650-201707205

6.5

VMware ESXi 6.5 650-201707206

6.5

VMware ESXi 6.5 650-201707207

6.5

VMware ESXi 6.5 650-201707208

6.5

VMware ESXi 6.5 650-201707209

6.5

VMware ESXi 6.5 650-201707210

6.5

VMware ESXi 6.5 650-201707211

6.5

VMware ESXi 6.5 650-201707212

6.5

VMware ESXi 6.5 650-201707213

6.5

VMware ESXi 6.5 650-201707214

6.5

VMware ESXi 6.5 650-201707215

6.5

VMware ESXi 6.5 650-201707216

6.5

VMware ESXi 6.5 650-201707217

6.5

VMware ESXi 6.5 650-201707218

6.5

VMware ESXi 6.5 650-201707219

6.5

VMware ESXi 6.5 650-201707220

6.5

VMware ESXi 6.5 650-201707221

6.5

VMware ESXi 6.5 650-201710001

6.5

VMware ESXi 6.5 650-201712001

6.5

VMware ESXi 6.5 650-201803001

6.5

VMware ESXi 6.5 650-201806001

6.5

VMware ESXi 6.5 650-201808001

6.5

VMware ESXi 6.5 650-201810001

6.5

VMware ESXi 6.5 650-201810002

6.5

VMware ESXi 6.5 650-201811001

6.5

VMware ESXi 6.5 650-201811002

6.5

VMware ESXi 6.5 650-201811301

6.5

VMware ESXi 6.5 650-201901001

6.5

VMware ESXi 6.5 650-201903001

6.5

VMware ESXi 6.5 650-201905001

6.5

VMware Esxi 6.5 650-201908001

6.5

VMware Esxi 6.5 650-201910001

6.5

VMware Esxi 6.5 650-20191004001

6.5

VMware ESXi 6.5 650-201911001

6.5

VMware ESXi 6.5 650-201911401

6.5

VMware ESXi 6.5 650-201911402

6.5

VMware ESXi 6.5 650-201912001

6.5

VMware ESXi 6.5 650-201912002

6.5

VMware ESXi 6.5 650-201912101

6.5

VMware ESXi 6.5 650-201912102

6.5

VMware ESXi 6.5 650-201912103

6.5

VMware ESXi 6.5 650-201912104

6.5

VMware ESXi 6.5 650-201912301

6.5

VMware ESXi 6.5 650-201912401

6.5

VMware ESXi 6.5 650-201912402

6.5

VMware ESXi 6.5 650-201912403

6.5

VMware ESXi 6.5 650-201912404

6.5

VMware ESXi 6.5 650-202005001

6.5

VMware Esxi 6.7

6.7

VMware ESXi 6.7 670-201806001

6.7

VMware ESXi 6.7 670-201807001

6.7

VMware ESXi 6.7 670-201808001

6.7

VMware ESXi 6.7 670-201810001

6.7

VMware ESXi 6.7 670-201810101

6.7

VMware ESXi 6.7 670-201810102

6.7

VMware ESXi 6.7 670-201810103

6.7

VMware ESXi 6.7 670-201810201

6.7

VMware ESXi 6.7 670-201810202

6.7

VMware ESXi 6.7 670-201810203

6.7

VMware ESXi 6.7 670-201810204

6.7

VMware ESXi 6.7 670-201810205

6.7

VMware ESXi 6.7 670-201810206

6.7

VMware ESXi 6.7 670-201810207

6.7

VMware ESXi 6.7 670-201810208

6.7

VMware ESXi 6.7 670-201810209

6.7

VMware ESXi 6.7 670-201810210

6.7

VMware ESXi 6.7 670-201810211

6.7

VMware ESXi 6.7 670-201810212

6.7

VMware ESXi 6.7 670-201810213

6.7

VMware ESXi 6.7 670-201810214

6.7

VMware ESXi 6.7 670-201810215

6.7

VMware ESXi 6.7 670-201810216

6.7

VMware ESXi 6.7 670-201810217

6.7

VMware ESXi 6.7 670-201810218

6.7

VMware ESXi 6.7 670-201810219

6.7

VMware ESXi 6.7 670-201810220

6.7

VMware ESXi 6.7 670-201810221

6.7

VMware ESXi 6.7 670-201810222

6.7

VMware ESXi 6.7 670-201810223

6.7

VMware ESXi 6.7 670-201810224

6.7

VMware ESXi 6.7 670-201810225

6.7

VMware ESXi 6.7 670-201810226

6.7

VMware ESXi 6.7 670-201810227

6.7

VMware ESXi 6.7 670-201810228

6.7

VMware ESXi 6.7 670-201810229

6.7

VMware ESXi 6.7 670-201810230

6.7

VMware ESXi 6.7 670-201810231

6.7

VMware ESXi 6.7 670-201810232

6.7

VMware ESXi 6.7 670-201810233

6.7

VMware ESXi 6.7 670-201810234

6.7

VMware ESXi 6.7 670-201811001

6.7

VMware ESXi 6.7 670-201901001

6.7

VMware ESXi 6.7 670-201901401

6.7

VMware ESXi 6.7 670-201901402

6.7

VMware ESXi 6.7 670-201901403

6.7

VMware Esxi 6.7 670-201903001

6.7

VMware Esxi 6.7 670-201904001

6.7

VMware ESXi 6.7 670-201904201

6.7

VMware ESXi 6.7 670-201904202

6.7

VMware ESXi 6.7 670-201904203

6.7

VMware ESXi 6.7 670-201904204

6.7

VMware ESXi 6.7 670-201904205

6.7

VMware ESXi 6.7 670-201904206

6.7

VMware ESXi 6.7 670-201904207

6.7

VMware ESXi 6.7 670-201904208

6.7

VMware ESXi 6.7 670-201904209

6.7

VMware ESXi 6.7 670-201904210

6.7

VMware ESXi 6.7 670-201904211

6.7

VMware ESXi 6.7 670-201904212

6.7

VMware ESXi 6.7 670-201904213

6.7

VMware ESXi 6.7 670-201904214

6.7

VMware ESXi 6.7 670-201904215

6.7

VMware ESXi 6.7 670-201904216

6.7

VMware ESXi 6.7 670-201904217

6.7

VMware ESXi 6.7 670-201904218

6.7

VMware ESXi 6.7 670-201904219

6.7

VMware ESXi 6.7 670-201904220

6.7

VMware ESXi 6.7 670-201904221

6.7

VMware ESXi 6.7 670-201904222

6.7

VMware ESXi 6.7 670-201904223

6.7

VMware ESXi 6.7 670-201904224

6.7

VMware ESXi 6.7 670-201904225

6.7

VMware ESXi 6.7 670-201904226

6.7

VMware ESXi 6.7 670-201904227

6.7

VMware ESXi 6.7 670-201904228

6.7

VMware ESXi 6.7 670-201904229

6.7

VMware Esxi 6.7 670-201905001

6.7

VMware Esxi 6.7 670-201906002

6.7

VMware Esxi 6.7 670-201908101

6.7

VMware Esxi 6.7 670-201908102

6.7

VMware Esxi 6.7 670-201908103

6.7

VMware Esxi 6.7 670-201908104

6.7

VMware Esxi 6.7 670-201908201

6.7

VMware Esxi 6.7 670-201908202

6.7

VMware Esxi 6.7 670-201908203

6.7

VMware Esxi 6.7 670-201908204

6.7

VMware Esxi 6.7 670-201908205

6.7

VMware Esxi 6.7 670-201908206

6.7

VMware Esxi 6.7 670-201908207

6.7

VMware Esxi 6.7 670-201908208

6.7

VMware Esxi 6.7 670-201908209

6.7

VMware Esxi 6.7 670-201908210

6.7

VMware Esxi 6.7 670-201908211

6.7

VMware Esxi 6.7 670-201908212

6.7

VMware Esxi 6.7 670-201908213

6.7

VMware Esxi 6.7 670-201908214

6.7

VMware Esxi 6.7 670-201908215

6.7

VMware Esxi 6.7 670-201908216

6.7

VMware Esxi 6.7 670-201908217

6.7

VMware Esxi 6.7 670-201908218

6.7

VMware Esxi 6.7 670-201908219

6.7

VMware Esxi 6.7 670-201908220

6.7

VMware Esxi 6.7 670-201908221

6.7

VMware ESXi 6.7 670-201912001

6.7

VMware ESXi 6.7 670-201912101

6.7

VMware ESXi 6.7 670-201912102

6.7

VMware ESXi 6.7 670-201912401

6.7

VMware ESXi 6.7 670-201912402

6.7

VMware ESXi 6.7 670-201912403

6.7

VMware ESXi 6.7 670-201912404

6.7

VMware ESXi 6.7 670-201912405

6.7

VMware ESXi 6.7 670-202004001

6.7

VMware ESXi 6.7 670-202004002

6.7

References

https://www.vmware.com/security/advisories/VMSA-2020-0015.html

https://www.zerodayinitiative.com/advisories/ZDI-20-782/

https://www.vmware.com/security/advisories/VMSA-2020-0015.html

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-782/

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.