VMware recently fixed a critical bug in the ESXi hypervisor, some days after its discovery at China’s Tianfu Cup hacking competition. The critical vulnerability has a CVSS score of 9.3 out of 10.
The vulnerability is tracked as CVE-2020-4004 and resides in the eXtensible Host Controller Interface (xHCI) USB controller of ESXi.
XHCI is an interface specification that defines a register-level description of a host controller for USB.
According to a security advisory by VMware, VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
An attacker with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
VMware has released the patches for the security vulnerability.
Another VMware Critical Vulnerability
VMware has also patched an important-severity elevation-of-privilege vulnerability that was found by the Qihoo 360 Vulcan Team during the Tianfu Cup.
This vulnerability has a CVSS score of 8.8 out of 10 and is rated important. It is tracked as CVE-2020-4004 and resides in the way certain system calls are managed.
A malicious attacker may escalate their privileges on the affected system; however, the flaw is somewhat difficult to exploit. An attacker needs privileges within the VMX process, and successful exploitation is only possible when the flaw is chained with another vulnerability.