Stack-based buffer-overflow vulnerability in bluetooth device-sharing functionality in VMware Fusion - CVE-2023-20869 (Mac OS)| ID: oval:org.secpod.oval:def:89546 | Date: (C)2023-04-26 (M)2023-12-03 |
| Class: VULNERABILITY | Family: macos |
The host is installed with VMware Fusion 13.x before 13.0.2 and is prone to a stack-based buffer-overflow vulnerability. A flaw is present in the application, which fails to properly handle the functionality for sharing host Bluetooth devices with the virtual machine. Successful exploitation allows an attacker with local administrative privileges on a virtual machine to exploit this issue to execute code as the virtual machine's VMX process running on the host.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS 12 |
| Apple Mac OS 11 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.15 |
