Login Sign Up

CVE-2023-20869

8.2 HIGH
Buffer Overflow

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on the host system by exploiting a stack-based buffer overflow in VMware's Bluetooth sharing functionality. It affects users running VMware Workstation 17.x or VMware Fusion 13.x with Bluetooth sharing enabled between host and virtual machine.

💻 Affected Systems

Products:
  • VMware Workstation
  • VMware Fusion
Versions: Workstation 17.x, Fusion 13.x
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Bluetooth sharing is enabled between host and virtual machine. Disabled by default in most configurations.

📦 What is this software?

Fusion by Vmware

View all CVEs affecting Fusion →

Workstation by Vmware

View all CVEs affecting Workstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the host operating system with SYSTEM/root privileges, enabling complete control over the physical machine and all virtual machines.

🟠

Likely Case

Local privilege escalation on the host system, allowing attackers to gain elevated privileges and potentially install persistent malware.

🟢

If Mitigated

Denial of service or application crash if exploit fails, but no code execution due to proper security controls.

🌐 Internet-Facing: LOW - Requires local access to the host system or virtual machine to exploit.
🏢 Internal Only: HIGH - Significant risk in environments where users run vulnerable VMware products with Bluetooth sharing enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the virtual machine and Bluetooth sharing to be enabled. No public exploits available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Workstation 17.0.2, Fusion 13.0.2

Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2023-0008.html

Restart Required: Yes

Instructions:

1. Download the latest version from VMware's website. 2. Run the installer and follow prompts. 3. Restart the host system after installation completes.

🔧 Temporary Workarounds

Disable Bluetooth Sharing

all

Turn off Bluetooth device sharing between host and virtual machines

In VMware settings: Virtual Machine Settings > USB & Bluetooth > Uncheck 'Share Bluetooth devices with the virtual machine'

🧯 If You Can't Patch

  • Disable Bluetooth sharing on all virtual machines immediately
  • Restrict local access to virtual machines and monitor for suspicious Bluetooth-related activity

🔍 How to Verify

Check if Vulnerable:

Check VMware version and verify if Bluetooth sharing is enabled in virtual machine settings

Check Version:

On Windows: 'vmware -v', On Linux/macOS: 'vmware --version'

Verify Fix Applied:

Verify installed version is 17.0.2 or higher for Workstation, 13.0.2 or higher for Fusion

📡 Detection & Monitoring

Log Indicators:

  • VMware service crashes
  • Unexpected Bluetooth device connections
  • Access violations in VMware logs

Network Indicators:

  • Unusual Bluetooth traffic patterns from VMware processes

SIEM Query:

source="vmware.log" AND ("access violation" OR "buffer overflow" OR "bluetooth")

📊 Metadata

CVE ID: CVE-2023-20869
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-787
Published: April 25, 2023
Last Updated: February 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-20869, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)