high
8.4
CWE
125
Advisory Published
Updated

CVE-2020-3960

First published: Wed Sep 15 2021(Updated: )

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.

Credit: security@vmware.com

Affected SoftwareAffected VersionHow to fix
VMware Fusion Pro>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
VMware ESXi=6.5-650-201704001
VMware ESXi=6.5-650-201710001
VMware ESXi=6.5-650-201712001
VMware ESXi=6.5-650-201803001
VMware ESXi=6.5-650-201806001
VMware ESXi=6.5-650-201808001
VMware ESXi=6.5-650-201810001
VMware ESXi=6.5-650-201810002
VMware ESXi=6.5-650-201811001
VMware ESXi=6.5-650-201901001
VMware ESXi=6.5-650-201903001
VMware ESXi=6.5-650-201905001
VMware ESXi=6.5-650-201908001
VMware ESXi=6.5-650-201910001
VMware ESXi=6.7
VMware ESXi=6.7-670-201911001
VMware ESXi=6.7-670-202004001

Remedy

https://www.vmware.com/security/advisories/VMSA-2020-0012.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2020-3960.

  • What is the severity of CVE-2020-3960?

    The severity of CVE-2020-3960 is high.

  • Which software versions are affected by CVE-2020-3960?

    VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) are affected by CVE-2020-3960.

  • What is the CWE ID for CVE-2020-3960?

    The CWE ID for CVE-2020-3960 is 125.

  • How can I fix CVE-2020-3960?

    To fix CVE-2020-3960, you should update VMware ESXi to version ESXi670-202006401-SG or later for 6.7, and ESXi650-202005401-SG or later for 6.5. For Workstation, update to version 15.5.5 or later, and for Fusion, update to version 11.5.5 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203