VMware VMSA-2020-0015
Jun 23, 2020 - 12:00 a.m.

VMware Cloud Foundation, ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971)

www.vmware.com

AI Score: 5.8 (Confidence: Low)

EPSS: 0.002 (Percentile: 62.2%)

3a. Use-after-free vulnerability in SVGA device (CVE-2020-3962)

VMware ESXi, Workstation and Fusion contain a use-after-free vulnerability in the SVGA device. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

3b. Off-by-one heap-overflow vulnerability in SVGA device (CVE-2020-3969)

VMware ESXi, Workstation and Fusion contain an off-by-one heap-overflow vulnerability in the SVGA device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.

3c. Out-of-bounds read issue in Shader functionality (CVE-2020-3970)

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in the Shader functionality. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.0.

3d. Heap-overflow issue in EHCI controller (CVE-2020-3967)

VMware ESXi, Workstation and Fusion contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.

3e. Out-of-bounds write vulnerability in xHCI controller (CVE-2020-3968)

VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.

3f. Heap-overflow due to race condition in EHCI controller (CVE-2020-3966)

VMware ESXi, Workstation and Fusion contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.

3g. Information leak in the xHCI USB controller (CVE-2020-3965)

VMware ESXi, Workstation and Fusion contain an information leak in the xHCI USB controller. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

3h. Information leak in the EHCI USB controller (CVE-2020-3964)

VMware ESXi, Workstation and Fusion contain an information leak in the EHCI USB controller. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 5.9.

3i. Use-after-free vulnerability in PVNVRAM (CVE-2020-3963)

VMware ESXi, Workstation and Fusion contain a use-after-free vulnerability in PVNVRAM. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

3j. Heap overflow vulnerability in vmxnet3 (CVE-2020-3971)

VMware ESXi, Fusion and Workstation contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.
