CVE-2020-3948: 
NixOS vulnerability analysis and mitigation

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. The vulnerability, identified as CVE-2020-3948, was discovered in December 2019 and publicly disclosed in March 2020. The issue specifically affects systems with virtual printing enabled, which is not enabled by default on Workstation and Fusion (VMware Advisory).

The vulnerability has been assigned a CVSSv3 base score of 7.8, categorizing it in the Important severity range. The security flaw stems from improper file permissions in the Cortado Thinprint component of VMware Tools. The vulnerability is only exploitable when virtual printing is enabled in the Guest VM, which is not the default configuration for either Workstation or Fusion installations (CERT-EU).

Successful exploitation of this vulnerability allows local attackers with non-administrative access to a Linux guest VM with virtual printing enabled to elevate their privileges to root on the same guest VM. This privilege escalation could potentially give attackers complete control over the affected guest virtual machine (SecurityWeek).

To remediate CVE-2020-3948, administrators must apply patches to upgrade VMware Workstation to version 15.5.2 or VMware Fusion to version 11.5.2. Additionally, VMware Virtual Printer must be uninstalled and reinstalled for each VM after applying the patches. No workarounds are available for this vulnerability (VMware Advisory).

The vulnerability was reported by Reno Robert working with Trend Micro Zero Day Initiative, highlighting the collaborative effort between security researchers and vendors in responsible vulnerability disclosure (VMware Advisory).