VMware Patches Several Vulnerabilities Allowing Code Execution on Hypervisor

silversurfer

Thread author
Aug 17, 2014
VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity flaws that can be exploited for code execution on the hypervisor.

The most serious of the vulnerabilities is CVE-2020-3962, a critical use-after-free bug related to the SVGA device. An attacker who has local access to a virtual machine (VM) with 3D graphics enabled can exploit the weakness for arbitrary code execution on the hypervisor from the VM.

VMware has pointed out that 3D graphics are enabled by default on Workstation and Fusion, but not on ESXi.

A very similar vulnerability patched this week by the virtualization giant is an off-by-one heap overflow bug related to the SVGA device. Exploitation of this vulnerability requires the same types of permissions and it can also result in code execution, but it has been rated high severity instead of critical due to the attack complexity being assigned as high — the attack complexity is considered low for the previous flaw.

“Additional conditions beyond the attacker's control must be present for exploitation to be possible,” VMware said in its advisory.
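Since both SVGA bugs described above are only reachable from a guest that has 3D graphics enabled, the practical first step for a defender is to inventory which VMs actually have it on. The following Python script is an added example (not from the article or VMware) that parses .vmx configuration files for the `mks.enable3d` key and reports exposed VMs, applying the product default the post mentions (on for Workstation/Fusion, off for ESXi) when the key is absent; the .vmx contents are constructed samples.

```python
import re
from typing import Dict, List

# Constructed sample .vmx contents (not from the page); layout follows the key = "value" .vmx format.
SAMPLE_VMX_FILES: Dict[str, str] = {
    "malware-lab.vmx": '.encoding = "UTF-8"\ndisplayName = "malware-lab"\nmks.enable3d = "TRUE"\nsvga.present = "TRUE"\n',
    "build-agent.vmx": 'displayName = "build-agent"\nmks.enable3d = "FALSE"\n',
    "legacy-box.vmx": 'displayName = "legacy-box"\n',  # key absent: the product default applies
}

# One .vmx line: key = "value" (quotes are optional in practice, so they are matched loosely here)
VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse a .vmx file body into a dict; keys are lowercased so lookups are case-insensitive."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def has_3d_enabled(settings: Dict[str, str], default_when_absent: bool) -> bool:
    """True if mks.enable3d is TRUE; if the key is missing, fall back to the product default
    (True for Workstation/Fusion, False for ESXi, as stated in the advisory summary)."""
    value = settings.get("mks.enable3d")
    if value is None:
        return default_when_absent
    return value.upper() == "TRUE"


def find_exposed_vms(vmx_files: Dict[str, str], product_default: bool) -> List[str]:
    """Return the display names of VMs whose SVGA 3D acceleration is on, sorted for stable output."""
    exposed = []
    for path, text in vmx_files.items():
        settings = parse_vmx(text)
        if has_3d_enabled(settings, product_default):
            exposed.append(settings.get("displayname", path))
    return sorted(exposed)


if __name__ == "__main__":
    print("Workstation/Fusion default (3D on):", find_exposed_vms(SAMPLE_VMX_FILES, True))
    print("ESXi default (3D off):", find_exposed_vms(SAMPLE_VMX_FILES, False))
```

On a real host, point the script at the .vmx files under the VM directories (or the datastore paths on ESXi) instead of the constructed dictionary.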
 
Really makes you think twice about using virtualization as an isolation technique for testing malware... It's seeming more and more like it should be done where the host side is noncritical enough that you wouldn't get sad if it gets compromised. These kinds of zero-day VM escapes happen, especially the more virtualization-assisting special hardware you use :(
 
Everything coming out of the US will always have a backdoor of some kind or other. Defence departments of major countries are the top purchasers of newly found unpublished vulnerabilities, and there are firms who deal with these kinds of transactions. So we will always be in the dark about the most critical vulnerabilities, as they will always remain hidden and unpublished.