VMware Security Announcement VMSA-2020-0029

VMware just released a new security announcement, VMSA-2020-0029. This affects VMware ESXi, Workstation, Fusion and Cloud Foundation. The updates address a denial of service vulnerability (CVE-2020-3999). Patch versions that fix the vulnerability, along with details, are listed below.

Impacted Products
  • VMware ESXi
  • VMware Workstation
  • VMware Fusion
  • VMware Cloud Foundation

Introduction

A denial of service vulnerability in VMware ESXi, Workstation and Fusion was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

Denial-of-Service Vulnerability due to improper input validation (CVE-2020-3999)

Description

VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.

Known Attack Vectors

A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Resolution

For ESXi 7.0 apply patch ESXi70U1c-17325551. Download links will be provided below.

ESXi 6.7 and ESXi 6.5 are not affected by this vulnerability.

For Workstation 16.x, apply patch 16.0. Download links will be provided below.

For Workstation 15.x, apply patch 15.5.7. Download links will be provided below.

For Fusion 12.x, apply patch 12.0. Download links will be provided below.

For Fusion 11.x, apply patch 11.5.7. Download links will be provided below.

For Cloud Foundation 4.x, there is a patch pending. Stay tuned; I will update this post when the patch is released.

Cloud Foundation 3.x is unaffected.

References

VMware Patch Release ESXi 7.0 ESXi70U1c-17325551
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1c.html


VMware Workstation Pro 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Workstation Pro 15.5.7

https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.5.7
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion 12.0
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

VMware Fusion 11.5.7

Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

Link to official VMware Advisory

VMSA-2020-0029 (vmware.com)

Thanks for reading.