AI description
CVE-2023-20869 is a stack-based buffer overflow vulnerability found in VMware Workstation (17.x) and VMware Fusion (13.x). It exists in the functionality that shares host Bluetooth devices with the virtual machine. The vulnerability was reported by STAR Labs during the Pwn2Own 2023 Security Contest and publicly disclosed on April 25, 2023. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This could lead to complete compromise of the hypervisor. The vulnerability exists within the UHCI component and stems from inadequate validation of user-supplied data length before copying it to a fixed-length stack-based buffer.
- Description
- VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
- Source
- security@vmware.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 6
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
Guest-to-host VM escape in VMware Workstation (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) https://t.co/qAKnS15RLn Credits Alexander Zaviyalov (@NCCGroupInfosec) #infosec https://t.co/O1tLmEWkdX
@0xor0ne
6 Apr 2026
4976 Impressions
20 Retweets
91 Likes
60 Bookmarks
0 Replies
0 Quotes
Guest-to-host escape in VMware Workstation (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) Guest-to-host VM escape in VMware Workstation, stack buffer overflow in Bluetooth sharing leads to code execution (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) https://t.co/skOIkpX
@0xor0ne
24 Feb 2026
7838 Impressions
46 Retweets
167 Likes
73 Bookmarks
1 Reply
1 Quote
Guest-to-host escape in VMware Workstation (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) https://t.co/qAKnS15RLn Credits Alexander Zaviyalov (@NCCGroupInfosec) #infosec https://t.co/ki4WTtneE0
@0xor0ne
31 Dec 2025
9112 Impressions
32 Retweets
151 Likes
89 Bookmarks
0 Replies
0 Quotes
VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) by Alexander Zaviyalov (@NCCGroupInfosec) https://t.co/qAKnS15RLn #infosec https://t.co/ydixOPn1m9
@0xor0ne
26 Nov 2025
8445 Impressions
28 Retweets
167 Likes
78 Bookmarks
1 Reply
0 Quotes
VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) https://t.co/DseNNxt7Ow Credits Alexander Zaviyalov (@NCCGroupInfosec) #infosec https://t.co/TVyvnLvR6q
@0xor0ne
25 Oct 2025
16596 Impressions
44 Retweets
201 Likes
102 Bookmarks
0 Replies
1 Quote
⚠️Prueba de concepto para vulnerabilidades en VMware ❗CVE-2023-20869 ❗CVE-2023-20870 ❗CVE-2023-34044 ➡️Más info: https://t.co/d8TEL7gAcr https://t.co/H86sY69BlP
@CERTpy
6 Oct 2025
131 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
VMware Workstationのホストエスケープ脆弱性(CVE-2023-20870/CVE-2023-34044, CVE-2023-20869)に対応するPoC(攻撃の概念実証コード)と解説をNCC Group社が公表。 https://t.co/s0dFyyxCdW
@__kokumoto
5 Oct 2025
1036 Impressions
2 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC",
"versionEndExcluding": "13.0.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA",
"versionEndExcluding": "17.0.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]