vulnerability
VMSA-2020-0015: Heap-overflow issue in EHCI controller (CVE-2020-3967)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Jun 26, 2020 | Jun 26, 2020 | Oct 7, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
Jun 26, 2020
Added
Jun 26, 2020
Modified
Oct 7, 2025
Description
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Solutions
vmware-esxi65-upgrade-16207673vmware-esxi67-upgrade-16316930vmware-esxi700-upgrade-16324942
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.