Bug 726048 - [stefantalpalaru overlay] app-emulation/vmware-workstation-15.5.2 : VMSA-2020-0011 / CVE-2020-3958
Summary: [stefantalpalaru overlay] app-emulation/vmware-workstation-15.5.2 : VMSA-2020...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Ștefan Talpalaru
URL: https://www.vmware.com/security/advis...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-29 08:50 UTC by Manfred Knick
Modified: 2020-11-21 16:24 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Manfred Knick 2020-05-29 08:50:08 UTC
3b. Denial-of-service vulnerability in Shader functionality (CVE-2020-3958)

Description:

VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.0.


Reproducible: Always




WORKAROUND:   Disable 3D acceleration
              [ https://kb.vmware.com/s/article/59146 ]

REFERENCE:
Bug 713068 - [stefantalpalaru overlay]
             app-emulation/vmware-workstation-15.5.2 version bump
Comment 1 Manfred Knick 2020-05-29 09:03:07 UTC
Known Attack Vectors:

Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.


==> My personal view on this:

If you can be sure to be the very only one with access to your VM,
you can still enjoy 3D.

If you have opened access to others,
  especially to *remote* users,
    especially providing an external service,
this CVE strongly suggests to disable 3D in the VM's System Settings immediately.
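The advisory's workaround is to disable 3D acceleration per guest. The script below is an added example, not part of this bug report or of VMware's advisory: it audits a directory tree of VMware Workstation .vmx files for the 3D-acceleration switch and can set it off, so an administrator can see which guests still have 3D on. It assumes the setting is the `mks.enable3d` key as written in Workstation .vmx files (edit a .vmx only while the guest is powered off); the sample files it creates are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the bug report or VMware). Assumption: 3D acceleration
# is controlled by the mks.enable3d key in a Workstation .vmx file.

# Report the state of mks.enable3d in one .vmx file: "enabled", "disabled" or "unset".
vmx_3d_state() {
    # Pull the value of the last mks.enable3d line, with or without quotes.
    val=$(sed -n 's/^[[:space:]]*mks\.enable3d[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1)
    case "$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')" in
        true)  echo enabled ;;
        false) echo disabled ;;
        *)     echo unset ;;   # key absent: flag for review rather than guessing a default
    esac
}

# Print the path of every .vmx under a directory tree that has 3D enabled.
list_3d_enabled() {
    find "$1" -name '*.vmx' | sort | while read -r f; do
        if [ "$(vmx_3d_state "$f")" = enabled ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Apply the advisory's workaround to one .vmx: set mks.enable3d to FALSE
# (rewrites an existing key, or appends one). Run only with the guest powered off.
disable_3d_in_vmx() {
    tmp="$1.tmp.$$"
    if grep -qi '^[[:space:]]*mks\.enable3d[[:space:]]*=' "$1"; then
        sed 's/^\([[:space:]]*mks\.enable3d[[:space:]]*=\).*/\1 "FALSE"/' "$1" > "$tmp"
    else
        cat "$1" > "$tmp"
        printf 'mks.enable3d = "FALSE"\n' >> "$tmp"
    fi
    mv "$tmp" "$1"
}

# Constructed sample tree (hypothetical guests) so the audit can be run offline.
make_sample_vmx_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/guest-a" "$d/guest-b" "$d/guest-c"
    printf '.encoding = "UTF-8"\nmks.enable3d = "TRUE"\n' > "$d/guest-a/guest-a.vmx"
    printf 'mks.enable3d = "FALSE"\n'                      > "$d/guest-b/guest-b.vmx"
    printf 'displayName = "guest-c"\n'                     > "$d/guest-c/guest-c.vmx"
    echo "$d"
}

# Usage: audit the sample tree, then apply the workaround to whatever is still on.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_vmx_tree)
    echo "Guests with 3D enabled:"
    list_3d_enabled "$tree"
    list_3d_enabled "$tree" | while read -r f; do disable_3d_in_vmx "$f"; done
    echo "After workaround: $(list_3d_enabled "$tree" | wc -l | tr -d ' ') guest(s) still enabled"
    rm -rf "$tree"
fi
```

Run it with `sh audit-vmx-3d.sh --demo` to see the audit on the constructed tree; on a real host point `list_3d_enabled` at the directory that holds your guests. A guest reported as `unset` has no explicit key, so check its state in the Workstation settings dialog rather than assuming it is off.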
Comment 2 Manfred Knick 2020-11-21 12:44:36 UTC
Please, beware the nearing EOL of -15:
    https://bugs.gentoo.org/742647#c6
Comment 3 Ștefan Talpalaru 2020-11-21 16:24:19 UTC
No longer affecting us.