CVE-2020-3995 Information

Description

In VMware ESXi (6.7 before ESXi670-201908101-SG 6.5 before ESXi650-202007101-SG) Workstation (15.x before 15.1.0) Fusion (11.x before 11.1.0) the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.3