VMware has updated its Workstation hosted hypervisor and Fusion software hypervisor, fixing a critical vulnerability that could be exploited to trigger arbitrary code execution or a denial of service condition.
The virtualization and cloud computing software provider company also fixed two important privilege escalation flaws spread out between four of its products.
Designated CVE-2020-3947, the most critical bug, with a CVSSv3 rating of 9.3 out of 10, is a use-after-free vulnerability in vmnetdhcp, or the VMware network Dynamic Host Control Protocol Service.
“Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine,” VMware warned in an advisory.
Discovered by anonymous researcher affiliated with the Trend Micro Zero Day Initiative, the bug is fixed in Workstation version 15.5.2 and version 11.5.2 of Fusion running on OS X.
One of the patched “important” flaws is a local privilege escalation issue (CVE-2020-3948) found on Linux Guest VMs running on Workstation or Fusion, and is the result of improper file permissions in Cortado Thinprint print management software and services.
The other repaired bug is a privilege escalation flaw in the Windows version of Horizon Client, VMRC and Workstation (CVE-2019-5543). “…[T]he folder containing configuration files for the VMware USB arbitration service was found to be writable by all users,” meaning a local user could exploit the condition to run commands as a more privileged user, the VMware advisory explains.