AI description
CVE-2023-20869 is a stack-based buffer overflow vulnerability found in VMware Workstation (17.x) and VMware Fusion (13.x). It exists in the functionality that shares host Bluetooth devices with the virtual machine. The vulnerability was reported by STAR Labs during the Pwn2Own 2023 Security Contest and publicly disclosed on April 25, 2023. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This could lead to complete compromise of the hypervisor. The vulnerability exists within the UHCI component and stems from inadequate validation of user-supplied data length before copying it to a fixed-length stack-based buffer.
- Description
- VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
- Source
- security@vmware.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 6
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
26
VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) https://t.co/DseNNxt7Ow Credits Alexander Zaviyalov (@NCCGroupInfosec) #infosec https://t.co/TVyvnLvR6q
@0xor0ne
25 Oct 2025
16596 Impressions
44 Retweets
201 Likes
102 Bookmarks
0 Replies
1 Quote
⚠️Prueba de concepto para vulnerabilidades en VMware ❗CVE-2023-20869 ❗CVE-2023-20870 ❗CVE-2023-34044 ➡️Más info: https://t.co/d8TEL7gAcr https://t.co/H86sY69BlP
@CERTpy
6 Oct 2025
131 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
VMware Workstationのホストエスケープ脆弱性(CVE-2023-20870/CVE-2023-34044, CVE-2023-20869)に対応するPoC(攻撃の概念実証コード)と解説をNCC Group社が公表。 https://t.co/s0dFyyxCdW
@__kokumoto
5 Oct 2025
1036 Impressions
2 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC",
"versionEndExcluding": "13.0.2",
"versionStartIncluding": "13.0.0"
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA",
"versionEndExcluding": "17.0.2",
"versionStartIncluding": "17.0.0"
}
],
"operator": "OR"
}
]
}
]