The host is missing a critical security update according to advisory VMSA-2020-0026 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle an issue in XHCI USB controller. Successful exploitation may allow attackers with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.