First published: Fri Nov 20 2020
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Fusion | >=11.0<11.5.7 | |
Apple iOS and macOS | | |
VMware vCenter Server and Cloud Foundation | >=3.0<3.10.1.2 | |
VMware Workstation and ESXi | >=15.0.0<15.5.7 | |
VMware vCenter Server and Cloud Foundation | >=4.0<4.1.0.1 | |
VMware ESXi and Horizon DaaS | =6.5 | |
VMware ESXi and Horizon DaaS | =6.5-650-201701001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201703001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201703002 | |
VMware ESXi and Horizon DaaS | =6.5-650-201704001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707101 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707102 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707103 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707201 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707202 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707203 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707204 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707205 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707206 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707207 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707208 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707209 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707210 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707211 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707212 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707213 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707214 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707215 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707216 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707217 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707218 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707219 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707220 | |
VMware ESXi and Horizon DaaS | =6.5-650-201707221 | |
VMware ESXi and Horizon DaaS | =6.5-650-201710001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201712001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201803001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201806001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201808001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201810001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201810002 | |
VMware ESXi and Horizon DaaS | =6.5-650-201811001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201811002 | |
VMware ESXi and Horizon DaaS | =6.5-650-201811301 | |
VMware ESXi and Horizon DaaS | =6.5-650-201901001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201903001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201905001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201908001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201910001 | |
VMware ESXi and Horizon DaaS | =6.5-650-20191004001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201911001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201911401 | |
VMware ESXi and Horizon DaaS | =6.5-650-201911402 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912001 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912002 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912101 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912102 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912103 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912104 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912301 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912401 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912402 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912403 | |
VMware ESXi and Horizon DaaS | =6.5-650-201912404 | |
VMware ESXi and Horizon DaaS | =6.5-650-202005001 | |
VMware ESXi and Horizon DaaS | =6.5-650-202006001 | |
VMware ESXi and Horizon DaaS | =6.5-650-202007001 | |
VMware ESXi and Horizon DaaS | =6.5-650-202010001 | |
VMware ESXi and Horizon DaaS | =6.5-650-202011001 | |
VMware ESXi and Horizon DaaS | =6.5-650-202011002 | |
VMware ESXi and Horizon DaaS | =6.7 | |
VMware ESXi and Horizon DaaS | =6.7-670-201806001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201807001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201808001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810101 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810102 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810103 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810201 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810202 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810203 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810204 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810205 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810206 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810207 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810208 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810209 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810210 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810211 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810212 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810213 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810214 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810215 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810216 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810217 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810218 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810219 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810220 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810221 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810222 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810223 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810224 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810225 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810226 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810227 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810228 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810229 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810230 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810231 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810232 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810233 | |
VMware ESXi and Horizon DaaS | =6.7-670-201810234 | |
VMware ESXi and Horizon DaaS | =6.7-670-201811001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201901001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201901401 | |
VMware ESXi and Horizon DaaS | =6.7-670-201901402 | |
VMware ESXi and Horizon DaaS | =6.7-670-201901403 | |
VMware ESXi and Horizon DaaS | =6.7-670-201903001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904201 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904201-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904202 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904202-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904203 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904203-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904204 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904204-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904205 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904205-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904206 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904206-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904207 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904207-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904208 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904208-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904209 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904209-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904210 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904210-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904211 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904211-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904212 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904212-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904213 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904213-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904214 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904214-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904215 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904215-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904216 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904216-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904217 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904217-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904218 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904218-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904219 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904219-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904220 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904220-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904221 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904221-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904222 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904222-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904223 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904223-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904224 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904224-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904225 | |
VMware ESXi and Horizon DaaS | =6.7-670-201904225-ug | |
VMware ESXi and Horizon DaaS | =6.7-670-201904226 | |
VMware ESXi and Horizon DaaS | =6.7-670-201905001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201906002 | |
VMware ESXi and Horizon DaaS | =6.7-670-201911001 | |
VMware ESXi and Horizon DaaS | =6.7-670-201912001 | |
VMware ESXi and Horizon DaaS | =6.7-670-202004001 | |
VMware ESXi and Horizon DaaS | =6.7-670-202004002 | |
VMware ESXi and Horizon DaaS | =6.7-670-202006001 | |
VMware ESXi and Horizon DaaS | =6.7-670-202008001 | |
VMware ESXi and Horizon DaaS | =6.7-670-202010001 | |
VMware ESXi and Horizon DaaS | =7.0 | |
VMware ESXi and Horizon DaaS | =7.0-beta | |
VMware ESXi and Horizon DaaS | =7.0-update_1 | |
VMware ESXi and Horizon DaaS | =7.0-update_1a | |
VMware ESXi and Horizon DaaS | =7.0-update_1b | |
CVE-2020-4004 has been classified as a critical vulnerability by VMware.
To fix CVE-2020-4004, update to a patched release as recommended by VMware: ESXi70U1b-17168206 for ESXi 7.0, ESXi670-202011101-SG for ESXi 6.7, ESXi650-202011301-SG for ESXi 6.5, Workstation 15.5.7, or Fusion 11.5.7.
CVE-2020-4004 affects VMware ESXi 7.0, 6.7, and 6.5 before those patches, as well as VMware Workstation 15.x before 15.5.7 and Fusion 11.x before 11.5.7.
CVE-2020-4004 is identified as a use-after-free vulnerability within the XHCI USB controller.
CVE-2020-4004 requires local administrative privileges on a virtual machine for exploitation, limiting its remote attack potential.