Network Security, Vulnerability Management

VMware squashes critical code execution bug in hypervisors

VMware has updated its Workstation hosted hypervisor and Fusion software hypervisor, fixing a critical vulnerability that could be exploited to trigger arbitrary code execution or a denial of service condition.

The virtualization and cloud computing company also fixed two important privilege escalation flaws spread across four of its products.

Designated CVE-2020-3947, the most critical bug, with a CVSSv3 rating of 9.3 out of 10, is a use-after-free vulnerability in vmnetdhcp, or the VMware network Dynamic Host Control Protocol Service.

"Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine," VMware warned in an advisory.

Discovered by an anonymous researcher affiliated with the Trend Micro Zero Day Initiative, the bug is fixed in Workstation version 15.5.2 and version 11.5.2 of Fusion running on OS X.

One of the patched "important" flaws is a local privilege escalation issue (CVE-2020-3948) found on Linux Guest VMs running on Workstation or Fusion, and is the result of improper file permissions in Cortado Thinprint print management software and services.

The other repaired bug is a privilege escalation flaw in the Windows version of Horizon Client, VMRC and Workstation (CVE-2019-5543). "...[T]he folder containing configuration files for the VMware USB arbitration service was found to be writable by all users," meaning a local user could exploit the condition to run commands as a more privileged user, the VMware advisory explains.
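Both "important" flaws above share one root cause: files or a folder that a privileged service reads were writable by unprivileged local users. The following is an added example, not VMware's code or anything from the advisory, showing the kind of check a defender would run on a Linux host or guest to find that condition and remove the offending permission bit. The directory layout and file names are constructed for the demo; the VMware paths themselves are not on the page and are not assumed here.

```python
import os
import stat
import tempfile


def is_world_writable(path):
    """True if 'other' has write permission on path.

    Symlinks are skipped: their mode bits are meaningless and the target
    is reached on its own when it lies under the audited root."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return False
    return bool(st.st_mode & stat.S_IWOTH)


def find_world_writable(root):
    """Walk root and return every directory or file writable by all users.

    Directories are reported too: a world-writable folder lets any local
    user replace the configuration files inside it, which is exactly the
    condition the Horizon Client / VMRC / Workstation advisory describes."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if is_world_writable(dirpath):
            findings.append(dirpath)
        for name in filenames:
            p = os.path.join(dirpath, name)
            if is_world_writable(p):
                findings.append(p)
    return sorted(findings)


def remove_world_write(paths):
    """Remediation: clear only the 'other' write bit, leaving the rest of
    the mode untouched so the owning service keeps working."""
    for p in paths:
        mode = stat.S_IMODE(os.lstat(p).st_mode)
        os.chmod(p, mode & ~stat.S_IWOTH)


def build_demo_tree():
    """Constructed sample tree (hypothetical names): one config file left
    world-writable, one correctly restricted. Returns (root, expected)."""
    root = tempfile.mkdtemp(prefix="svc-config-demo-")
    cfg = os.path.join(root, "config")
    os.mkdir(cfg)
    os.chmod(cfg, 0o755)
    bad = os.path.join(cfg, "settings.conf")
    good = os.path.join(cfg, "service.conf")
    for p in (bad, good):
        with open(p, "w") as f:
            f.write("# constructed sample config\n")
    os.chmod(bad, 0o666)   # the misconfiguration
    os.chmod(good, 0o644)  # the intended permission
    return root, [bad]


def audit_and_fix(root):
    """Return (findings_before, findings_after) for root."""
    before = find_world_writable(root)
    remove_world_write(before)
    after = find_world_writable(root)
    return before, after


if __name__ == "__main__":
    demo_root, _expected = build_demo_tree()
    found, remaining = audit_and_fix(demo_root)
    print("world-writable before fix:", found)
    print("world-writable after fix: ", remaining)
```

On a real host you would point `find_world_writable` at the service's configuration directory rather than the demo tree. The Windows case in the advisory is the same check against NTFS ACLs rather than mode bits; `icacls <folder>` or PowerShell's `Get-Acl` will show whether `Everyone` or `BUILTIN\Users` holds write or modify rights on the folder.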

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
