CVE-2020-4004 - Use After Free

Severity

82%

Complexity

15%

Confidentiality

100%

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS 3.1 Base Score 8.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

First reported 4 years ago

2020-11-20 20:15:00

Last updated 4 years ago

2020-12-03 18:36:00

Affected Software

VMware Cloud Foundation

VMWare VMWare

VMware Esxi 6.5

6.5

VMware ESXi 6.5 650-201701001

6.5

VMware ESXi 6.5 650-201703001

6.5

VMware ESXi 6.5 650-201703002

6.5

VMware ESXi 6.5 650-201704001

6.5

VMware ESXi 6.5 650-201707101

6.5

VMware ESXi 6.5 650-201707102

6.5

VMware ESXi 6.5 650-201707103

6.5

VMware ESXi 6.5 650-201707201

6.5

VMware ESXi 6.5 650-201707202

6.5

VMware ESXi 6.5 650-201707203

6.5

VMware ESXi 6.5 650-201707204

6.5

VMware ESXi 6.5 650-201707205

6.5

VMware ESXi 6.5 650-201707206

6.5

VMware ESXi 6.5 650-201707207

6.5

VMware ESXi 6.5 650-201707208

6.5

VMware ESXi 6.5 650-201707209

6.5

VMware ESXi 6.5 650-201707210

6.5

VMware ESXi 6.5 650-201707211

6.5

VMware ESXi 6.5 650-201707212

6.5

VMware ESXi 6.5 650-201707213

6.5

VMware ESXi 6.5 650-201707214

6.5

VMware ESXi 6.5 650-201707215

6.5

VMware ESXi 6.5 650-201707216

6.5

VMware ESXi 6.5 650-201707217

6.5

VMware ESXi 6.5 650-201707218

6.5

VMware ESXi 6.5 650-201707219

6.5

VMware ESXi 6.5 650-201707220

6.5

VMware ESXi 6.5 650-201707221

6.5

VMware ESXi 6.5 650-201710001

6.5

VMware ESXi 6.5 650-201712001

6.5

VMware ESXi 6.5 650-201803001

6.5

VMware ESXi 6.5 650-201806001

6.5

VMware ESXi 6.5 650-201808001

6.5

VMware ESXi 6.5 650-201810001

6.5

VMware ESXi 6.5 650-201810002

6.5

VMware ESXi 6.5 650-201811001

6.5

VMware ESXi 6.5 650-201811002

6.5

VMware ESXi 6.5 650-201811301

6.5

VMware ESXi 6.5 650-201901001

6.5

VMware ESXi 6.5 650-201903001

6.5

VMware ESXi 6.5 650-201905001

6.5

VMware Esxi 6.5 650-201908001

6.5

VMware Esxi 6.5 650-201910001

6.5

VMware Esxi 6.5 650-20191004001

6.5

VMware ESXi 6.5 650-201911001

6.5

VMware ESXi 6.5 650-201911401

6.5

VMware ESXi 6.5 650-201911402

6.5

VMware ESXi 6.5 650-201912001

6.5

VMware ESXi 6.5 650-201912002

6.5

VMware ESXi 6.5 650-201912101

6.5

VMware ESXi 6.5 650-201912102

6.5

VMware ESXi 6.5 650-201912103

6.5

VMware ESXi 6.5 650-201912104

6.5

VMware ESXi 6.5 650-201912301

6.5

VMware ESXi 6.5 650-201912401

6.5

VMware ESXi 6.5 650-201912402

6.5

VMware ESXi 6.5 650-201912403

6.5

VMware ESXi 6.5 650-201912404

6.5

VMware ESXi 6.5 650-202005001

6.5

VMware Esxi 6.7

6.7

VMware ESXi 6.7 670-201806001

6.7

VMware ESXi 6.7 670-201807001

6.7

VMware ESXi 6.7 670-201808001

6.7

VMware ESXi 6.7 670-201810001

6.7

VMware ESXi 6.7 670-201810101

6.7

VMware ESXi 6.7 670-201810102

6.7

VMware ESXi 6.7 670-201810103

6.7

VMware ESXi 6.7 670-201810201

6.7

VMware ESXi 6.7 670-201810202

6.7

VMware ESXi 6.7 670-201810203

6.7

VMware ESXi 6.7 670-201810204

6.7

VMware ESXi 6.7 670-201810205

6.7

VMware ESXi 6.7 670-201810206

6.7

VMware ESXi 6.7 670-201810207

6.7

VMware ESXi 6.7 670-201810208

6.7

VMware ESXi 6.7 670-201810209

6.7

VMware ESXi 6.7 670-201810210

6.7

VMware ESXi 6.7 670-201810211

6.7

VMware ESXi 6.7 670-201810212

6.7

VMware ESXi 6.7 670-201810213

6.7

VMware ESXi 6.7 670-201810214

6.7

VMware ESXi 6.7 670-201810215

6.7

VMware ESXi 6.7 670-201810216

6.7

VMware ESXi 6.7 670-201810217

6.7

VMware ESXi 6.7 670-201810218

6.7

VMware ESXi 6.7 670-201810219

6.7

VMware ESXi 6.7 670-201810220

6.7

VMware ESXi 6.7 670-201810221

6.7

VMware ESXi 6.7 670-201810222

6.7

VMware ESXi 6.7 670-201810223

6.7

VMware ESXi 6.7 670-201810224

6.7

VMware ESXi 6.7 670-201810225

6.7

VMware ESXi 6.7 670-201810226

6.7

VMware ESXi 6.7 670-201810227

6.7

VMware ESXi 6.7 670-201810228

6.7

VMware ESXi 6.7 670-201810229

6.7

VMware ESXi 6.7 670-201810230

6.7

VMware ESXi 6.7 670-201810231

6.7

VMware ESXi 6.7 670-201810232

6.7

VMware ESXi 6.7 670-201810233

6.7

VMware ESXi 6.7 670-201810234

6.7

VMware ESXi 6.7 670-201811001

6.7

VMware ESXi 6.7 670-201901001

6.7

VMware ESXi 6.7 670-201901401

6.7

VMware ESXi 6.7 670-201901402

6.7

VMware ESXi 6.7 670-201901403

6.7

VMware Esxi 6.7 670-201903001

6.7

VMware Esxi 6.7 670-201904001

6.7

VMware ESXi 6.7 670-201904201

6.7

VMware ESXi 6.7 670-201904201-UG

6.7

VMware ESXi 6.7 670-201904202

6.7

VMware ESXi 6.7 670-201904202-UG

6.7

VMware ESXi 6.7 670-201904203

6.7

VMware ESXi 6.7 670-201904203-UG

6.7

VMware ESXi 6.7 670-201904204

6.7

VMware ESXi 6.7 670-201904204-UG

6.7

VMware ESXi 6.7 670-201904205

6.7

VMware ESXi 6.7 670-201904205-UG

6.7

VMware ESXi 6.7 670-201904206

6.7

VMware ESXi 6.7 670-201904206-UG

6.7

VMware ESXi 6.7 670-201904207

6.7

VMware ESXi 6.7 670-201904207-UG

6.7

VMware ESXi 6.7 670-201904208

6.7

VMware ESXi 6.7 670-201904208-UG

6.7

VMware ESXi 6.7 670-201904209

6.7

VMware ESXi 6.7 670-201904209-UG

6.7

VMware ESXi 6.7 670-201904210

6.7

VMware ESXi 6.7 670-201904210-UG

6.7

VMware ESXi 6.7 670-201904211

6.7

VMware ESXi 6.7 670-201904211-UG

6.7

VMware ESXi 6.7 670-201904212

6.7

VMware ESXi 6.7 670-201904212-UG

6.7

VMware ESXi 6.7 670-201904213

6.7

VMware ESXi 6.7 670-201904213-UG

6.7

VMware ESXi 6.7 670-201904214

6.7

VMware ESXi 6.7 670-201904214-UG

6.7

VMware ESXi 6.7 670-201904215

6.7

VMware ESXi 6.7 670-201904215-UG

6.7

VMware ESXi 6.7 670-201904216

6.7

VMware ESXi 6.7 670-201904216-UG

6.7

VMware ESXi 6.7 670-201904217

6.7

VMware ESXi 6.7 670-201904217-UG

6.7

VMware ESXi 6.7 670-201904218

6.7

VMware ESXi 6.7 670-201904218-UG

6.7

VMware ESXi 6.7 670-201904219

6.7

VMware ESXi 6.7 670-201904219-UG

6.7

VMware ESXi 6.7 670-201904220

6.7

VMware ESXi 6.7 670-201904220-UG

6.7

VMware ESXi 6.7 670-201904221

6.7

VMware ESXi 6.7 670-201904221-UG

6.7

VMware ESXi 6.7 670-201904222

6.7

VMware ESXi 6.7 670-201904222-UG

6.7

VMware ESXi 6.7 670-201904223

6.7

VMware ESXi 6.7 670-201904223-UG

6.7

VMware ESXi 6.7 670-201904224

6.7

VMware ESXi 6.7 670-201904224-UG

6.7

VMware ESXi 6.7 670-201904225

6.7

VMware ESXi 6.7 670-201904225-UG

6.7

VMware ESXi 6.7 670-201904226

6.7

VMware Esxi 6.7 670-201905001

6.7

VMware Esxi 6.7 670-201906002

6.7

VMware ESXi 6.7 670-201912001

6.7

VMware ESXi 6.7 670-202004001

6.7

VMware ESXi 6.7 670-202004002

6.7

References

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.