Three significant vulnerabilities have been patched in VMware products, including a critical Workstation and Fusion bug that can be exploited to execute arbitrary code on the host from a guest operating system.
The most serious flaw, tracked as CVE-2020-3947, is a use-after-free bug in the vmnetdhcp component.
“Successful exploitation of this issue may lead to code execution on the host from the guest, or may allow attackers to create a denial-of-service condition for the vmnetdhcp service running on the host,” VMware said in its advisory.
Another vulnerability fixed this week by VMware is the high-severity CVE-2020-3948, which allows a local attacker with non-administrative access to a Linux guest virtual machine (VM) that has VMware Tools installed to escalate privileges to root inside that same VM.
“Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint,” the virtualisation giant stated.
Both of these vulnerabilities affect Workstation 15.x on any platform and Fusion 11.x; the fixes are included in Workstation 15.5.2 and Fusion 11.5.2 respectively.
The third vulnerability, tracked as CVE-2019-5543, is a high-severity privilege escalation affecting VMware Workstation for Windows, VMware Horizon Client for Windows and VMware Remote Console (VMRC) for Windows.
The hole allows a local attacker to run commands as any user, because the folder containing the configuration files for the VMware USB arbitration service is writable by all users.
Patches for this bug are available in Workstation 15.5.2, VMware Horizon Client for Windows 5.3.0 and VMRC for Windows 11.0.0.
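The two privilege-escalation bugs share a root cause: a privileged component consumes files from a location that unprivileged users can write. The script below is an added example, not code from VMware, the advisory or this article, that audits a directory tree for world-writable files and directories and strips the other-write bit from them. It is the kind of check to run against a Linux guest's ThinPrint install directory; the article does not give that path, so the script takes the directory to audit as an argument. On Windows the equivalent check is of the folder's ACL (for example with icacls), which a POSIX permission-bit check does not cover.

```shell
#!/bin/sh
# Added example, not from the VMware advisory or the article: audit a
# directory tree for entries writable by all users, the misconfiguration
# class behind CVE-2020-3948 (Cortado ThinPrint files in a Linux guest) and
# CVE-2019-5543 (USB arbitration service config folder on Windows).
# The affected install paths are not given on the page, so the path to
# audit is an argument (assumption: you know where the component lives).

# List every regular file or directory under $1 whose mode grants write
# to "other" (octal 002). Sticky directories such as /tmp (mode 1777) are
# skipped: they are world-writable by design, and the sticky bit stops
# users from deleting or renaming each other's files there.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 \
        ! \( -type d -perm -1000 \) -print
}

# Number of world-writable entries under $1 (0 means nothing to fix).
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Remediation: remove the other-write bit from each reported entry.
# Run as the owner of the files (root for a system-wide install).
strip_world_writable() {
    audit_world_writable "$1" | while IFS= read -r entry; do
        chmod o-w "$entry"
    done
}

# Usage: sh audit.sh /path/to/install        (report only)
#        sh audit.sh /path/to/install fix    (report, then remediate)
if [ $# -ge 1 ]; then
    audit_world_writable "$1"
    if [ "${2:-}" = fix ]; then
        strip_world_writable "$1"
    fi
fi
```

The audit deliberately ignores group-writable entries; whether those matter depends on who is in the group, which is a judgement the script cannot make, so review them separately with `find DIR -perm -020`.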