VMware Reveals Critical Hypervisor Bugs. One lets Guests Run Code on Hosts

upnorth

VMware has revealed and repaired the flaws in its hypervisor discovered at China’s Tianfu Cup white hat hacking competition.

CVE-2020-4004, rated critical due to its 9.3 on the CVSS scale, is described as a “Use-after-free vulnerability in XHCI USB controller”. It allows a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. The VMX process runs in the VMkernel and is responsible for handling I/O to devices, so there’s the potential for data exfiltration. The bug needs patching in ESXi from version 6.5, VMware’s Fusion and Workstation desktop hypervisors from versions 11 and 15 respectively, plus VMware Cloud Foundation from version 3.

CVE-2020-4005 is a VMX elevation-of-privilege vulnerability and rated as important with an 8.8 CVSS score. Getting this one to work requires exploitation of the other bug described above. Users of ESXi from version 6.5 and Cloud Foundation from version 3 need to get busy on this one.
Patches are available for the two flaws, with download details available at VMware’s security advisory page.
 
