How severe is CVE-2020-3964?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-3964?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2020-3964 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

Related Vulnerabilities

CVE-2023-36836

MEDIUM

CVSS:4.7(Medium)

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to ca...

CWE-9082023

CVE-2019-19535

MEDIUM

CVSS:4.6(Medium)

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

CWE-9082019

CVE-2019-19947

MEDIUM

CVSS:4.6(Medium)

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CWE-9082019

CVE-2022-20008

MEDIUM

CVSS:4.6(Medium)

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that trigger...

CWE-9082022

CVE-2025-27796

MEDIUM

CVSS:4.5(Medium)

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

CWE-9082025

CVE-2016-5105

MEDIUM

CVSS:4.4(Medium)

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest admin...

CWE-9082016