VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system.
The critical flaw, tracked as CVE-2020-3947, is caused by a use-after-free bug in the vmnetdhcp component.