VMware VMSA-2020-0004
Mar 12, 2020 - 12:00 a.m.

VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)

2020-03-12 00:00:00
www.vmware.com
EPSS: 0.001 (Low), percentile 48.8%

1. Impacted Products
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Horizon Client for Windows
  • VMware Remote Console for Windows (VMRC for Windows)
2. Introduction
VMware Horizon Client, VMRC, VMware Workstation and Fusion contain use-after-free and privilege escalation vulnerabilities. Patches are available to remediate these vulnerabilities in affected VMware products.
3a. Use-after-free vulnerability in vmnetdhcp (CVE-2020-3947)

**Description:**

VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors:

Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

Resolution:

To remediate CVE-2020-3947, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting this issue to us.

Resolution Matrix:
