Security Vulnerabilities fixed in VMware Fusion VMSA-2020-0023
Description
VMware Fusion contains an out-of-bounds write and read vulnerability due to a time-of-check time-of-use issue in the ACPI device. The VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability.
Outbreak Alert
ESXi servers vulnerable to the OpenSLP heap-overflow vulnerability (CVE-2021-21974) and the OpenSLP remote code execution vulnerability (CVE-2020-3992) are being exploited through OpenSLP on port 427 to deliver a new ransomware, “ESXiArgs”. The ransomware encrypts files on affected ESXi servers and demands a ransom for file decryption.
Affected Applications
VMware Fusion