CVE-2020-4004

Published: Nov 20, 2020Modified: Oct 31, 2025

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Affected (183)

Products: Vmware: Fusion, Cloud Foundation, Workstation, Esxi

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Fusion	From 11.0 to 11.5.7

Running on/with	Platform Versions
Apple Mac Os X	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 3.0 to 3.10.1.2
Vmware Cloud Foundation	From 4.0 to 4.1.0.1
Vmware Workstation	From 15.0.0 to 15.5.7

Configuration C

65 vulnerable

Vulnerable Software	Affected Versions
Vmware Esxi	Version 6.5
Vmware Esxi	Version 6.5 650-201701001
Vmware Esxi	Version 6.5 650-201703001
Vmware Esxi	Version 6.5 650-201703002
Vmware Esxi	Version 6.5 650-201704001
Vmware Esxi	Version 6.5 650-201707101
Vmware Esxi	Version 6.5 650-201707102
Vmware Esxi	Version 6.5 650-201707103
Vmware Esxi	Version 6.5 650-201707201
Vmware Esxi	Version 6.5 650-201707202
Vmware Esxi	Version 6.5 650-201707203
Vmware Esxi	Version 6.5 650-201707204
Vmware Esxi	Version 6.5 650-201707205
Vmware Esxi	Version 6.5 650-201707206
Vmware Esxi	Version 6.5 650-201707207
Vmware Esxi	Version 6.5 650-201707208
Vmware Esxi	Version 6.5 650-201707209
Vmware Esxi	Version 6.5 650-201707210
Vmware Esxi	Version 6.5 650-201707211
Vmware Esxi	Version 6.5 650-201707212
Vmware Esxi	Version 6.5 650-201707213
Vmware Esxi	Version 6.5 650-201707214
Vmware Esxi	Version 6.5 650-201707215
Vmware Esxi	Version 6.5 650-201707216
Vmware Esxi	Version 6.5 650-201707217
Vmware Esxi	Version 6.5 650-201707218
Vmware Esxi	Version 6.5 650-201707219
Vmware Esxi	Version 6.5 650-201707220
Vmware Esxi	Version 6.5 650-201707221
Vmware Esxi	Version 6.5 650-201710001
Vmware Esxi	Version 6.5 650-201712001
Vmware Esxi	Version 6.5 650-201803001
Vmware Esxi	Version 6.5 650-201806001
Vmware Esxi	Version 6.5 650-201808001
Vmware Esxi	Version 6.5 650-201810001
Vmware Esxi	Version 6.5 650-201810002
Vmware Esxi	Version 6.5 650-201811001
Vmware Esxi	Version 6.5 650-201811002
Vmware Esxi	Version 6.5 650-201811301
Vmware Esxi	Version 6.5 650-201901001
Vmware Esxi	Version 6.5 650-201903001
Vmware Esxi	Version 6.5 650-201905001
Vmware Esxi	Version 6.5 650-201908001
Vmware Esxi	Version 6.5 650-201910001
Vmware Esxi	Version 6.5 650-20191004001
Vmware Esxi	Version 6.5 650-201911001
Vmware Esxi	Version 6.5 650-201911401
Vmware Esxi	Version 6.5 650-201911402
Vmware Esxi	Version 6.5 650-201912001
Vmware Esxi	Version 6.5 650-201912002
Vmware Esxi	Version 6.5 650-201912101
Vmware Esxi	Version 6.5 650-201912102
Vmware Esxi	Version 6.5 650-201912103
Vmware Esxi	Version 6.5 650-201912104
Vmware Esxi	Version 6.5 650-201912301
Vmware Esxi	Version 6.5 650-201912401
Vmware Esxi	Version 6.5 650-201912402
Vmware Esxi	Version 6.5 650-201912403
Vmware Esxi	Version 6.5 650-201912404
Vmware Esxi	Version 6.5 650-202005001
Vmware Esxi	Version 6.5 650-202006001
Vmware Esxi	Version 6.5 650-202007001
Vmware Esxi	Version 6.5 650-202010001
Vmware Esxi	Version 6.5 650-202011001
Vmware Esxi	Version 6.5 650-202011002

Configuration D

109 vulnerable

Vulnerable Software	Affected Versions
Vmware Esxi	Version 6.7
Vmware Esxi	Version 6.7 670-201806001
Vmware Esxi	Version 6.7 670-201807001
Vmware Esxi	Version 6.7 670-201808001
Vmware Esxi	Version 6.7 670-201810001
Vmware Esxi	Version 6.7 670-201810101
Vmware Esxi	Version 6.7 670-201810102
Vmware Esxi	Version 6.7 670-201810103
Vmware Esxi	Version 6.7 670-201810201
Vmware Esxi	Version 6.7 670-201810202
Vmware Esxi	Version 6.7 670-201810203
Vmware Esxi	Version 6.7 670-201810204
Vmware Esxi	Version 6.7 670-201810205
Vmware Esxi	Version 6.7 670-201810206
Vmware Esxi	Version 6.7 670-201810207
Vmware Esxi	Version 6.7 670-201810208
Vmware Esxi	Version 6.7 670-201810209
Vmware Esxi	Version 6.7 670-201810210
Vmware Esxi	Version 6.7 670-201810211
Vmware Esxi	Version 6.7 670-201810212
Vmware Esxi	Version 6.7 670-201810213
Vmware Esxi	Version 6.7 670-201810214
Vmware Esxi	Version 6.7 670-201810215
Vmware Esxi	Version 6.7 670-201810216
Vmware Esxi	Version 6.7 670-201810217
Vmware Esxi	Version 6.7 670-201810218
Vmware Esxi	Version 6.7 670-201810219
Vmware Esxi	Version 6.7 670-201810220
Vmware Esxi	Version 6.7 670-201810221
Vmware Esxi	Version 6.7 670-201810222
Vmware Esxi	Version 6.7 670-201810223
Vmware Esxi	Version 6.7 670-201810224
Vmware Esxi	Version 6.7 670-201810225
Vmware Esxi	Version 6.7 670-201810226
Vmware Esxi	Version 6.7 670-201810227
Vmware Esxi	Version 6.7 670-201810228
Vmware Esxi	Version 6.7 670-201810229
Vmware Esxi	Version 6.7 670-201810230
Vmware Esxi	Version 6.7 670-201810231
Vmware Esxi	Version 6.7 670-201810232
Vmware Esxi	Version 6.7 670-201810233
Vmware Esxi	Version 6.7 670-201810234
Vmware Esxi	Version 6.7 670-201811001
Vmware Esxi	Version 6.7 670-201901001
Vmware Esxi	Version 6.7 670-201901401
Vmware Esxi	Version 6.7 670-201901402
Vmware Esxi	Version 6.7 670-201901403
Vmware Esxi	Version 6.7 670-201903001
Vmware Esxi	Version 6.7 670-201904001
Vmware Esxi	Version 6.7 670-201904201-ug
Vmware Esxi	Version 6.7 670-201904201
Vmware Esxi	Version 6.7 670-201904202-ug
Vmware Esxi	Version 6.7 670-201904202
Vmware Esxi	Version 6.7 670-201904203-ug
Vmware Esxi	Version 6.7 670-201904203
Vmware Esxi	Version 6.7 670-201904204-ug
Vmware Esxi	Version 6.7 670-201904204
Vmware Esxi	Version 6.7 670-201904205-ug
Vmware Esxi	Version 6.7 670-201904205
Vmware Esxi	Version 6.7 670-201904206-ug
Vmware Esxi	Version 6.7 670-201904206
Vmware Esxi	Version 6.7 670-201904207-ug
Vmware Esxi	Version 6.7 670-201904207
Vmware Esxi	Version 6.7 670-201904208-ug
Vmware Esxi	Version 6.7 670-201904208
Vmware Esxi	Version 6.7 670-201904209-ug
Vmware Esxi	Version 6.7 670-201904209
Vmware Esxi	Version 6.7 670-201904210-ug
Vmware Esxi	Version 6.7 670-201904210
Vmware Esxi	Version 6.7 670-201904211-ug
Vmware Esxi	Version 6.7 670-201904211
Vmware Esxi	Version 6.7 670-201904212-ug
Vmware Esxi	Version 6.7 670-201904212
Vmware Esxi	Version 6.7 670-201904213-ug
Vmware Esxi	Version 6.7 670-201904213
Vmware Esxi	Version 6.7 670-201904214-ug
Vmware Esxi	Version 6.7 670-201904214
Vmware Esxi	Version 6.7 670-201904215-ug
Vmware Esxi	Version 6.7 670-201904215
Vmware Esxi	Version 6.7 670-201904216-ug
Vmware Esxi	Version 6.7 670-201904216
Vmware Esxi	Version 6.7 670-201904217-ug
Vmware Esxi	Version 6.7 670-201904217
Vmware Esxi	Version 6.7 670-201904218-ug
Vmware Esxi	Version 6.7 670-201904218
Vmware Esxi	Version 6.7 670-201904219-ug
Vmware Esxi	Version 6.7 670-201904219
Vmware Esxi	Version 6.7 670-201904220-ug
Vmware Esxi	Version 6.7 670-201904220
Vmware Esxi	Version 6.7 670-201904221-ug
Vmware Esxi	Version 6.7 670-201904221
Vmware Esxi	Version 6.7 670-201904222-ug
Vmware Esxi	Version 6.7 670-201904222
Vmware Esxi	Version 6.7 670-201904223-ug
Vmware Esxi	Version 6.7 670-201904223
Vmware Esxi	Version 6.7 670-201904224-ug
Vmware Esxi	Version 6.7 670-201904224
Vmware Esxi	Version 6.7 670-201904225-ug
Vmware Esxi	Version 6.7 670-201904225
Vmware Esxi	Version 6.7 670-201904226
Vmware Esxi	Version 6.7 670-201905001
Vmware Esxi	Version 6.7 670-201906002
Vmware Esxi	Version 6.7 670-201911001
Vmware Esxi	Version 6.7 670-201912001
Vmware Esxi	Version 6.7 670-202004001
Vmware Esxi	Version 6.7 670-202004002
Vmware Esxi	Version 6.7 670-202006001
Vmware Esxi	Version 6.7 670-202008001
Vmware Esxi	Version 6.7 670-202010001

Configuration E

5 vulnerable

Vulnerable Software	Affected Versions
Vmware Esxi	Version 7.0
Vmware Esxi	Version 7.0 beta
Vmware Esxi	Version 7.0 update_1
Vmware Esxi	Version 7.0 update_1a
Vmware Esxi	Version 7.0 update_1b

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

Source: security@vmware.com

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.