VMware Patches Several Vulnerabilities Allowing Code Execution on Hypervisor

silversurfer

VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity flaws that can be exploited for code execution on the hypervisor.

The most serious of the vulnerabilities is CVE-2020-3962, a critical use-after-free bug related to the SVGA device. An attacker who has local access to a virtual machine (VM) with 3D graphics enabled can exploit the weakness for arbitrary code execution on the hypervisor from the VM.

VMware has pointed out that 3D graphics are enabled by default on Workstation and Fusion, but not on ESXi.

A very similar vulnerability patched this week by the virtualization giant is an off-by-one heap overflow bug related to the SVGA device. Exploitation of this vulnerability requires the same types of permissions and it can also result in code execution, but it has been rated high severity instead of critical due to the attack complexity being assigned as high — the attack complexity is considered low for the previous flaw.

“Additional conditions beyond the attacker's control must be present for exploitation to be possible,” VMware said in its advisory.
 

MacDefender

Really makes you think twice about using virtualization as an isolation technique for testing malware... It's seeming more and more like it should be done where the host side is noncritical enough that you wouldn't get sad if it gets compromised. These kinds of zero-day VM escapes happen, especially the more virtualization-assisting special hardware you use :(
 

Brahman

Everything coming out of the US will always have a backdoor of some kind or other. Defence departments of major countries are the top purchasers of newly found unpublished vulnerabilities, and there are firms who deal with these kinds of transactions. So we will always be in the dark about the most critical vulnerabilities, as they will always remain hidden and will remain unpublished.
 
