VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attackers control must be present for exploitation to be possible.
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_foundation | Vmware | 3.0 (including) | 3.10 (excluding) |
| Cloud_foundation | Vmware | 4.0.0 (including) | 4.0.1 (excluding) |
| Fusion | Vmware | 11.0.0 (including) | 11.5.2 (excluding) |
| Workstation | Vmware | 15.0.0 (including) | 15.5.2 (excluding) |
| Esxi | Vmware | 6.5 (including) | 6.5 (including) |
| Esxi | Vmware | 6.5-650-201701001 (including) | 6.5-650-201701001 (including) |
| Esxi | Vmware | 6.5-650-201703001 (including) | 6.5-650-201703001 (including) |
| Esxi | Vmware | 6.5-650-201703002 (including) | 6.5-650-201703002 (including) |
| Esxi | Vmware | 6.5-650-201704001 (including) | 6.5-650-201704001 (including) |
| Esxi | Vmware | 6.5-650-201707101 (including) | 6.5-650-201707101 (including) |
| Esxi | Vmware | 6.5-650-201707102 (including) | 6.5-650-201707102 (including) |
| Esxi | Vmware | 6.5-650-201707103 (including) | 6.5-650-201707103 (including) |
| Esxi | Vmware | 6.5-650-201707201 (including) | 6.5-650-201707201 (including) |
| Esxi | Vmware | 6.5-650-201707202 (including) | 6.5-650-201707202 (including) |
| Esxi | Vmware | 6.5-650-201707203 (including) | 6.5-650-201707203 (including) |
| Esxi | Vmware | 6.5-650-201707204 (including) | 6.5-650-201707204 (including) |
| Esxi | Vmware | 6.5-650-201707205 (including) | 6.5-650-201707205 (including) |
| Esxi | Vmware | 6.5-650-201707206 (including) | 6.5-650-201707206 (including) |
| Esxi | Vmware | 6.5-650-201707207 (including) | 6.5-650-201707207 (including) |
| Esxi | Vmware | 6.5-650-201707208 (including) | 6.5-650-201707208 (including) |
| Esxi | Vmware | 6.5-650-201707209 (including) | 6.5-650-201707209 (including) |
| Esxi | Vmware | 6.5-650-201707210 (including) | 6.5-650-201707210 (including) |
| Esxi | Vmware | 6.5-650-201707211 (including) | 6.5-650-201707211 (including) |
| Esxi | Vmware | 6.5-650-201707212 (including) | 6.5-650-201707212 (including) |
| Esxi | Vmware | 6.5-650-201707213 (including) | 6.5-650-201707213 (including) |
| Esxi | Vmware | 6.5-650-201707214 (including) | 6.5-650-201707214 (including) |
| Esxi | Vmware | 6.5-650-201707215 (including) | 6.5-650-201707215 (including) |
| Esxi | Vmware | 6.5-650-201707216 (including) | 6.5-650-201707216 (including) |
| Esxi | Vmware | 6.5-650-201707217 (including) | 6.5-650-201707217 (including) |
| Esxi | Vmware | 6.5-650-201707218 (including) | 6.5-650-201707218 (including) |
| Esxi | Vmware | 6.5-650-201707219 (including) | 6.5-650-201707219 (including) |
| Esxi | Vmware | 6.5-650-201707220 (including) | 6.5-650-201707220 (including) |
| Esxi | Vmware | 6.5-650-201707221 (including) | 6.5-650-201707221 (including) |
| Esxi | Vmware | 6.5-650-201710001 (including) | 6.5-650-201710001 (including) |
| Esxi | Vmware | 6.5-650-201712001 (including) | 6.5-650-201712001 (including) |
| Esxi | Vmware | 6.5-650-201803001 (including) | 6.5-650-201803001 (including) |
| Esxi | Vmware | 6.5-650-201806001 (including) | 6.5-650-201806001 (including) |
| Esxi | Vmware | 6.5-650-201808001 (including) | 6.5-650-201808001 (including) |
| Esxi | Vmware | 6.5-650-201810001 (including) | 6.5-650-201810001 (including) |
| Esxi | Vmware | 6.5-650-201810002 (including) | 6.5-650-201810002 (including) |
| Esxi | Vmware | 6.5-650-201811001 (including) | 6.5-650-201811001 (including) |
| Esxi | Vmware | 6.5-650-201811002 (including) | 6.5-650-201811002 (including) |
| Esxi | Vmware | 6.5-650-201811301 (including) | 6.5-650-201811301 (including) |
| Esxi | Vmware | 6.5-650-201901001 (including) | 6.5-650-201901001 (including) |
| Esxi | Vmware | 6.5-650-201903001 (including) | 6.5-650-201903001 (including) |
| Esxi | Vmware | 6.5-650-201905001 (including) | 6.5-650-201905001 (including) |
| Esxi | Vmware | 6.5-650-201908001 (including) | 6.5-650-201908001 (including) |
| Esxi | Vmware | 6.5-650-201910001 (including) | 6.5-650-201910001 (including) |
| Esxi | Vmware | 6.5-650-20191004001 (including) | 6.5-650-20191004001 (including) |
| Esxi | Vmware | 6.5-650-201911001 (including) | 6.5-650-201911001 (including) |
| Esxi | Vmware | 6.5-650-201911401 (including) | 6.5-650-201911401 (including) |
| Esxi | Vmware | 6.5-650-201911402 (including) | 6.5-650-201911402 (including) |
| Esxi | Vmware | 6.5-650-201912001 (including) | 6.5-650-201912001 (including) |
| Esxi | Vmware | 6.5-650-201912002 (including) | 6.5-650-201912002 (including) |
| Esxi | Vmware | 6.5-650-201912101 (including) | 6.5-650-201912101 (including) |
| Esxi | Vmware | 6.5-650-201912102 (including) | 6.5-650-201912102 (including) |
| Esxi | Vmware | 6.5-650-201912103 (including) | 6.5-650-201912103 (including) |
| Esxi | Vmware | 6.5-650-201912104 (including) | 6.5-650-201912104 (including) |
| Esxi | Vmware | 6.5-650-201912301 (including) | 6.5-650-201912301 (including) |
| Esxi | Vmware | 6.5-650-201912401 (including) | 6.5-650-201912401 (including) |
| Esxi | Vmware | 6.5-650-201912402 (including) | 6.5-650-201912402 (including) |
| Esxi | Vmware | 6.5-650-201912403 (including) | 6.5-650-201912403 (including) |
| Esxi | Vmware | 6.5-650-201912404 (including) | 6.5-650-201912404 (including) |
| Esxi | Vmware | 6.5-650-202005001 (including) | 6.5-650-202005001 (including) |
| Esxi | Vmware | 6.7 (including) | 6.7 (including) |
| Esxi | Vmware | 6.7-670-201806001 (including) | 6.7-670-201806001 (including) |
| Esxi | Vmware | 6.7-670-201807001 (including) | 6.7-670-201807001 (including) |
| Esxi | Vmware | 6.7-670-201808001 (including) | 6.7-670-201808001 (including) |
| Esxi | Vmware | 6.7-670-201810001 (including) | 6.7-670-201810001 (including) |
| Esxi | Vmware | 6.7-670-201810101 (including) | 6.7-670-201810101 (including) |
| Esxi | Vmware | 6.7-670-201810102 (including) | 6.7-670-201810102 (including) |
| Esxi | Vmware | 6.7-670-201810103 (including) | 6.7-670-201810103 (including) |
| Esxi | Vmware | 6.7-670-201810201 (including) | 6.7-670-201810201 (including) |
| Esxi | Vmware | 6.7-670-201810202 (including) | 6.7-670-201810202 (including) |
| Esxi | Vmware | 6.7-670-201810203 (including) | 6.7-670-201810203 (including) |
| Esxi | Vmware | 6.7-670-201810204 (including) | 6.7-670-201810204 (including) |
| Esxi | Vmware | 6.7-670-201810205 (including) | 6.7-670-201810205 (including) |
| Esxi | Vmware | 6.7-670-201810206 (including) | 6.7-670-201810206 (including) |
| Esxi | Vmware | 6.7-670-201810207 (including) | 6.7-670-201810207 (including) |
| Esxi | Vmware | 6.7-670-201810208 (including) | 6.7-670-201810208 (including) |
| Esxi | Vmware | 6.7-670-201810209 (including) | 6.7-670-201810209 (including) |
| Esxi | Vmware | 6.7-670-201810210 (including) | 6.7-670-201810210 (including) |
| Esxi | Vmware | 6.7-670-201810211 (including) | 6.7-670-201810211 (including) |
| Esxi | Vmware | 6.7-670-201810212 (including) | 6.7-670-201810212 (including) |
| Esxi | Vmware | 6.7-670-201810213 (including) | 6.7-670-201810213 (including) |
| Esxi | Vmware | 6.7-670-201810214 (including) | 6.7-670-201810214 (including) |
| Esxi | Vmware | 6.7-670-201810215 (including) | 6.7-670-201810215 (including) |
| Esxi | Vmware | 6.7-670-201810216 (including) | 6.7-670-201810216 (including) |
| Esxi | Vmware | 6.7-670-201810217 (including) | 6.7-670-201810217 (including) |
| Esxi | Vmware | 6.7-670-201810218 (including) | 6.7-670-201810218 (including) |
| Esxi | Vmware | 6.7-670-201810219 (including) | 6.7-670-201810219 (including) |
| Esxi | Vmware | 6.7-670-201810220 (including) | 6.7-670-201810220 (including) |
| Esxi | Vmware | 6.7-670-201810221 (including) | 6.7-670-201810221 (including) |
| Esxi | Vmware | 6.7-670-201810222 (including) | 6.7-670-201810222 (including) |
| Esxi | Vmware | 6.7-670-201810223 (including) | 6.7-670-201810223 (including) |
| Esxi | Vmware | 6.7-670-201810224 (including) | 6.7-670-201810224 (including) |
| Esxi | Vmware | 6.7-670-201810225 (including) | 6.7-670-201810225 (including) |
| Esxi | Vmware | 6.7-670-201810226 (including) | 6.7-670-201810226 (including) |
| Esxi | Vmware | 6.7-670-201810227 (including) | 6.7-670-201810227 (including) |
| Esxi | Vmware | 6.7-670-201810228 (including) | 6.7-670-201810228 (including) |
| Esxi | Vmware | 6.7-670-201810229 (including) | 6.7-670-201810229 (including) |
| Esxi | Vmware | 6.7-670-201810230 (including) | 6.7-670-201810230 (including) |
| Esxi | Vmware | 6.7-670-201810231 (including) | 6.7-670-201810231 (including) |
| Esxi | Vmware | 6.7-670-201810232 (including) | 6.7-670-201810232 (including) |
| Esxi | Vmware | 6.7-670-201810233 (including) | 6.7-670-201810233 (including) |
| Esxi | Vmware | 6.7-670-201810234 (including) | 6.7-670-201810234 (including) |
| Esxi | Vmware | 6.7-670-201811001 (including) | 6.7-670-201811001 (including) |
| Esxi | Vmware | 6.7-670-201901001 (including) | 6.7-670-201901001 (including) |
| Esxi | Vmware | 6.7-670-201901401 (including) | 6.7-670-201901401 (including) |
| Esxi | Vmware | 6.7-670-201901402 (including) | 6.7-670-201901402 (including) |
| Esxi | Vmware | 6.7-670-201901403 (including) | 6.7-670-201901403 (including) |
| Esxi | Vmware | 6.7-670-201903001 (including) | 6.7-670-201903001 (including) |
| Esxi | Vmware | 6.7-670-201904001 (including) | 6.7-670-201904001 (including) |
| Esxi | Vmware | 6.7-670-201904201 (including) | 6.7-670-201904201 (including) |
| Esxi | Vmware | 6.7-670-201904202 (including) | 6.7-670-201904202 (including) |
| Esxi | Vmware | 6.7-670-201904203 (including) | 6.7-670-201904203 (including) |
| Esxi | Vmware | 6.7-670-201904204 (including) | 6.7-670-201904204 (including) |
| Esxi | Vmware | 6.7-670-201904205 (including) | 6.7-670-201904205 (including) |
| Esxi | Vmware | 6.7-670-201904206 (including) | 6.7-670-201904206 (including) |
| Esxi | Vmware | 6.7-670-201904207 (including) | 6.7-670-201904207 (including) |
| Esxi | Vmware | 6.7-670-201904208 (including) | 6.7-670-201904208 (including) |
| Esxi | Vmware | 6.7-670-201904209 (including) | 6.7-670-201904209 (including) |
| Esxi | Vmware | 6.7-670-201904210 (including) | 6.7-670-201904210 (including) |
| Esxi | Vmware | 6.7-670-201904211 (including) | 6.7-670-201904211 (including) |
| Esxi | Vmware | 6.7-670-201904212 (including) | 6.7-670-201904212 (including) |
| Esxi | Vmware | 6.7-670-201904213 (including) | 6.7-670-201904213 (including) |
| Esxi | Vmware | 6.7-670-201904214 (including) | 6.7-670-201904214 (including) |
| Esxi | Vmware | 6.7-670-201904215 (including) | 6.7-670-201904215 (including) |
| Esxi | Vmware | 6.7-670-201904216 (including) | 6.7-670-201904216 (including) |
| Esxi | Vmware | 6.7-670-201904217 (including) | 6.7-670-201904217 (including) |
| Esxi | Vmware | 6.7-670-201904218 (including) | 6.7-670-201904218 (including) |
| Esxi | Vmware | 6.7-670-201904219 (including) | 6.7-670-201904219 (including) |
| Esxi | Vmware | 6.7-670-201904220 (including) | 6.7-670-201904220 (including) |
| Esxi | Vmware | 6.7-670-201904221 (including) | 6.7-670-201904221 (including) |
| Esxi | Vmware | 6.7-670-201904222 (including) | 6.7-670-201904222 (including) |
| Esxi | Vmware | 6.7-670-201904223 (including) | 6.7-670-201904223 (including) |
| Esxi | Vmware | 6.7-670-201904224 (including) | 6.7-670-201904224 (including) |
| Esxi | Vmware | 6.7-670-201904225 (including) | 6.7-670-201904225 (including) |
| Esxi | Vmware | 6.7-670-201904226 (including) | 6.7-670-201904226 (including) |
| Esxi | Vmware | 6.7-670-201904227 (including) | 6.7-670-201904227 (including) |
| Esxi | Vmware | 6.7-670-201904228 (including) | 6.7-670-201904228 (including) |
| Esxi | Vmware | 6.7-670-201904229 (including) | 6.7-670-201904229 (including) |
| Esxi | Vmware | 6.7-670-201905001 (including) | 6.7-670-201905001 (including) |
| Esxi | Vmware | 6.7-670-201906002 (including) | 6.7-670-201906002 (including) |
| Esxi | Vmware | 6.7-670-201908101 (including) | 6.7-670-201908101 (including) |
| Esxi | Vmware | 6.7-670-201908102 (including) | 6.7-670-201908102 (including) |
| Esxi | Vmware | 6.7-670-201908103 (including) | 6.7-670-201908103 (including) |
| Esxi | Vmware | 6.7-670-201908104 (including) | 6.7-670-201908104 (including) |
| Esxi | Vmware | 6.7-670-201908201 (including) | 6.7-670-201908201 (including) |
| Esxi | Vmware | 6.7-670-201908202 (including) | 6.7-670-201908202 (including) |
| Esxi | Vmware | 6.7-670-201908203 (including) | 6.7-670-201908203 (including) |
| Esxi | Vmware | 6.7-670-201908204 (including) | 6.7-670-201908204 (including) |
| Esxi | Vmware | 6.7-670-201908205 (including) | 6.7-670-201908205 (including) |
| Esxi | Vmware | 6.7-670-201908206 (including) | 6.7-670-201908206 (including) |
| Esxi | Vmware | 6.7-670-201908207 (including) | 6.7-670-201908207 (including) |
| Esxi | Vmware | 6.7-670-201908208 (including) | 6.7-670-201908208 (including) |
| Esxi | Vmware | 6.7-670-201908209 (including) | 6.7-670-201908209 (including) |
| Esxi | Vmware | 6.7-670-201908210 (including) | 6.7-670-201908210 (including) |
| Esxi | Vmware | 6.7-670-201908211 (including) | 6.7-670-201908211 (including) |
| Esxi | Vmware | 6.7-670-201908212 (including) | 6.7-670-201908212 (including) |
| Esxi | Vmware | 6.7-670-201908213 (including) | 6.7-670-201908213 (including) |
| Esxi | Vmware | 6.7-670-201908214 (including) | 6.7-670-201908214 (including) |
| Esxi | Vmware | 6.7-670-201908215 (including) | 6.7-670-201908215 (including) |
| Esxi | Vmware | 6.7-670-201908216 (including) | 6.7-670-201908216 (including) |
| Esxi | Vmware | 6.7-670-201908217 (including) | 6.7-670-201908217 (including) |
| Esxi | Vmware | 6.7-670-201908218 (including) | 6.7-670-201908218 (including) |
| Esxi | Vmware | 6.7-670-201908219 (including) | 6.7-670-201908219 (including) |
| Esxi | Vmware | 6.7-670-201908220 (including) | 6.7-670-201908220 (including) |
| Esxi | Vmware | 6.7-670-201908221 (including) | 6.7-670-201908221 (including) |
| Esxi | Vmware | 6.7-670-201912001 (including) | 6.7-670-201912001 (including) |
| Esxi | Vmware | 6.7-670-201912101 (including) | 6.7-670-201912101 (including) |
| Esxi | Vmware | 6.7-670-201912102 (including) | 6.7-670-201912102 (including) |
| Esxi | Vmware | 6.7-670-201912401 (including) | 6.7-670-201912401 (including) |
| Esxi | Vmware | 6.7-670-201912402 (including) | 6.7-670-201912402 (including) |
| Esxi | Vmware | 6.7-670-201912403 (including) | 6.7-670-201912403 (including) |
| Esxi | Vmware | 6.7-670-201912404 (including) | 6.7-670-201912404 (including) |
| Esxi | Vmware | 6.7-670-201912405 (including) | 6.7-670-201912405 (including) |
| Esxi | Vmware | 6.7-670-202004001 (including) | 6.7-670-202004001 (including) |
| Esxi | Vmware | 6.7-670-202004002 (including) | 6.7-670-202004002 (including) |
| Esxi | Vmware | 7.0.0 (including) | 7.0.0 (including) |
A race condition occurs within concurrent environments, and it is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc. A race condition violates these properties, which are closely related:
A race condition exists when an “interfering code sequence” can still access the shared resource, violating exclusivity. The interfering code sequence could be “trusted” or “untrusted.” A trusted interfering code sequence occurs within the product; it cannot be modified by the attacker, and it can only be invoked indirectly. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable product.