AI description
CVE-2023-20870 is an out-of-bounds read vulnerability found in VMware Workstation and Fusion. It exists in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to read privileged information contained in hypervisor memory.
- Description: VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
- Source: security@vmware.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 6
- Impact score: 4
- Exploitability score: 1.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
⚠️ Weekly vuln radar from https://t.co/8RzyA4nEyg: CVE-2024-3400 (@stevenadair) CVE-2025-24132 CVE-2025-43300 CVE-2025-5777 CVE-2025-55177 CVE-2023-34044 (@pr0Ln) CVE-2023-20870 CVE-2025-10035 CVE-2025-20333 https://t.co/Z18UZ0WhOF
@ptdbugs
3 Oct 2025
A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) exploit by Alex Zaviyalov has just been published! https://t.co/FLUcjiUDhB
@alexjplaskett
2 Oct 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC",
            "versionEndExcluding": "13.0.2",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA",
            "versionEndExcluding": "17.0.2",
            "versionStartIncluding": "17.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]