VMware Workstation 15.5.7 Player Release Notes

VMware Workstation 15.5.7 Player | 19 November 2020 | Build 17171714

What's in the Release Notes

About VMware Workstation Pl ayer
What's New
Important Fixes
Prior Releases
Resolved Issues

About VMware Workstation Player

VMware Workstation Player™ is a streamlined desktop virtualization application that runs another operating system on the same computer without rebooting. VMware Workstation Player provides a simple user interface, unmatched operating system support, and portability across the VMware ecosystem.

For more information, see the broader VMware Workstation Player documentation.

What's New

This release of VMware Workstation Player is a free upgrade for all VMware Workstation 15 Player users. It contains bug fixes and minor improvements.

Important Fixes

This release of VMware Workstation addresses the following issues:

VMware Workstation contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. See VMSA-2020-0026 for more information.
VMware Workstation contains an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the VMX process. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3981 to this issue. See VMSA-2020-0023.2 for more information.
VMware Workstation contains an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's VMX process or corrupt hypervisor's memory heap. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3982 to this issue. See VMSA-2020-0023.2 for more information.
VMware Workstation contains multiple out-of-bounds read vulnerabilities in Cortado ThinPrint component. These issues exist in the EMF and JPEG2000 parsers. A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where VMware Workstation is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2020-3986 (EMF parser), CVE-2020-3987 (EMR STRETCHDIBITS parser), and CVE-2020-3988 (JPEG2000 parser) to these issues. See VMSA-2020-0020.1 for more information.
VMware Workstation contains a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where VMware Workstation is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3989 to this issue. See VMSA-2020-0020.1 for more information.
VMware Workstation contains an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where VMware Workstation is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3990 to this issue. See VMSA-2020-0020.1 for more information.

Prior Releases

Features and Known Issues from prior releases of VMware Workstation 15 Player are described in the release notes for each release. To view the release notes for a prior release, click the appropriate link: