[Security-announce] VMSA-2018-0020 VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.

VMware Security Announcements security-announce at lists.vmware.com
Tue Aug 14 11:05:14 PDT 2018


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- ------------------------------------------------------------------------

                        VMware Security Advisory



Advisory ID: VMSA-2018-0020

Severity:    Important

Synopsis:    VMware vSphere, Workstation, and Fusion updates enable

             Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM

             vulnerability.

Issue date:  2018-08-14

Updated on:  2018-08-14 (Initial Advisory)

CVE number:  CVE-2018-3646



1. Summary



   VMware vSphere, Workstation, and Fusion updates enable Hypervisor-

   Specific Mitigations for L1 Terminal Fault - VMM vulnerability.



   The mitigations in this advisory are categorized as Hypervisor-

   Specific Mitigations described by VMware Knowledge Base article

   55636.



2. Relevant Products



   VMware vCenter Server (VC)

   VMware vSphere ESXi (ESXi)

   VMware Workstation Pro / Player (WS)

   VMware Fusion Pro / Fusion (Fusion)



3. Problem Description



   vCenter Server, ESXi, Workstation, and Fusion updates include

   Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This

   issue may allow a malicious VM running on a given CPU core to

   effectively read the hypervisor’s or another VM’s privileged

   information that resides sequentially or concurrently in the same

   core’s L1 Data cache.



   CVE-2018-3646 has two currently known attack vectors which will be

   referred to as "Sequential-Context" and "Concurrent-Context."



   Attack Vector Summary



   Sequential-context attack vector: a malicious VM can potentially

   infer recently accessed L1 data of a previous context (hypervisor

   thread or other VM thread) on either logical processor of a processor

   core.



   Concurrent-context attack vector: a malicious VM can potentially

   infer recently accessed L1 data of a concurrently executing context

   (hypervisor thread or other VM thread) on the other logical processor

   of the Hyper-Threading-enabled processor core.



   Mitigation Summary



  The Sequential-context attack vector is mitigated by a vSphere

   update to the product versions listed in table below. This mitigation

   is dependent on Intel microcode updates (provided in separate ESXi

   patches for most Intel hardware platforms) also listed in the table

   below. This mitigation is enabled by default and does not impose a

   significant performance impact.



   The Concurrent-context attack vector is mitigated through

   enablement of a new feature known as the ESXi Side-Channel-Aware

   Scheduler. This feature may impose a non-trivial performance impact

   and is not enabled by default.



   Column 5 of the following table lists the action required to

   remediate the vulnerability in each release, if a solution is

   available.



   VMware  Product Running           Replace with/          Mitigation/

   Product Version on      Severity  Apply Patch            Workaround

   ======= ======= ======= ========= =====================  ==========

  VC      6.7     Any     Important 6.7.0d                   None

   VC      6.5     Any     Important 6.5u2c                 None

   VC      6.0     Any     Important 6.0u3h                 None

   VC      5.5     Any     Important 5.5u3j                 None



   ESXi    6.7     Any     Important ESXi670-201808401-BG*  None

                                     ESXi670-201808402-BG** None

                                     ESXi670-201808403-BG*  None



   ESXi    6.5     Any     Important ESXi650-201808401-BG*  None

                                     ESXi650-201808402-BG** None

                                     ESXi650-201808403-BG*  None



   ESXi    6.0     Any     Important ESXi600-201808401-BG*  None

                                     ESXi600-201808402-BG** None

                                     ESXi600-201808403-BG*  None



   ESXi    5.5     Any     Important ESXi550-201808401-BG*  None

                                     ESXi550-201808402-BG** None

                                     ESXi550-201808403-BG*  None



   WS      14.x    Any     Important 14.1.3*                None



   Fusion  10.x    Any     Important 10.1.3*                None



   *These patches DO NOT mitigate the Concurrent-context attack vector

   previously described by default. For details on the three-phase

   vSphere mitigation process please see KB55806 and for the mitigation

   process for Workstation and Fusion please see KB57138.



   **These patches include microcode updates required for mitigation of

   the Sequential-context attack vector. This microcode may also be

   obtained from your hardware OEM in the form of a BIOS or firmware

   update. Details on microcode that has been provided by Intel

   and packaged by VMware is enumerated in the patch KBs found in the

   Solution section of this document.



4. Solution



   Please review the patch/release notes for your product and version

   and verify the checksum of your downloaded file.



   vCenter 6.7.0d



   Downloads:



   https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7



   Documentation:



   https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html



   vCenter 6.5u2c



   Downloads:



   https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5



   Documentation:



   https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2c-release-notes.html



   vCenter 6.0u3h



   Downloads:



   https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_0



   Documentation:



   https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3h-release-notes.html



   vCenter 5.5u3j



   Downloads:



   https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5



   Documentation:



   https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3j-release-notes.html



   ESXi 6.7



   Downloads:



   https://my.vmware.com/group/vmware/patch



   Documentation:



   ESXi670-201808401-BG (esx-base): https://kb.vmware.com/kb/56537

   ESXi670-201808402-BG (microcode): https://kb.vmware.com/kb/56538

   ESXi670-201808403-BG (esx-ui):(https://kb.vmware.com/kb/56897



   ESXi 6.5



   Downloads:



   https://my.vmware.com/group/vmware/patch



   Documentation:



   ESXi650-201808401-BG (esx-base): https://kb.vmware.com/kb/56547

   ESXi650-201808402-BG (microcode): https://kb.vmware.com/kb/56563

   ESXi650-201808403-BG (esx-ui): https://kb.vmware.com/kb/56896



   ESXi 6.0



   Downloads:



   https://my.vmware.com/group/vmware/patch



   Documentation:



   ESXi600-201808401-BG (esx-base): https://kb.vmware.com/kb/56552

   ESXi600-201808402-BG (microcode): https://kb.vmware.com/kb/56553

   ESXi600-201808403-BG (esx-ui): https://kb.vmware.com/kb/56895



   ESXi 5.5



   Downloads:



   https://my.vmware.com/group/vmware/patch



   Documentation:



   ESXi550-201808401-BG (esx-base): https://kb.vmware.com/kb/56557

   ESXi550-201808402-BG (microcode): https://kb.vmware.com/kb/56558

   ESXi550-201808403-BG (esx-ui): https://kb.vmware.com/kb/56894



   VMware Workstation Pro 14.1.3



   Downloads: https://www.vmware.com/go/downloadworkstation



   Documentation: https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



   VMware Workstation Player 14.1.3



   Downloads: https://www.vmware.com/go/downloadplayer



   Documentation: https://docs.vmware.com/en/VMware-Workstation-Player/index.html



   VMware Fusion Pro / Fusion 10.1.3



   Downloads: https://www.vmware.com/go/downloadfusion



   Documentation: https://docs.vmware.com/en/VMware-Fusion/index.html



5. References



   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646

   https://kb.vmware.com/kb/55636

   https://kb.vmware.com/kb/55806

   https://kb.vmware.com/kb/57138



- ------------------------------------------------------------------------



6. Change log



   2018-08-14: Initial security advisory in conjunction with vSphere,

   Workstation, and Fusion updates and patches released on 2018-08-14.



- ------------------------------------------------------------------------



7. Contact



   E-mail list for product security notifications and announcements:

   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



   This Security Advisory is posted to the following lists:



    security-announce at lists.vmware.com

    bugtraq at securityfocus.com

    fulldisclosure at seclists.org



   E-mail: security at vmware.com

   PGP key at: https://kb.vmware.com/kb/1055



   VMware Security Advisories

   https://www.vmware.com/security/advisories



   VMware Security Response Policy

   https://www.vmware.com/support/policies/security_response.html



   VMware Lifecycle Support Phases

   https://www.vmware.com/support/policies/lifecycle.html



   VMware Security & Compliance Blog

   https://blogs.vmware.com/security



   Twitter

   https://twitter.com/VMwareSRC



   Copyright 2018 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----



iF0EARECAB0WIQSmJMaUX5+xuU/DnNwMRybxVuL2QwUCW3JEgAAKCRAMRybxVuL2

Q0e5AKCD3Yq7ZCoqxAVh4dgQTsZCx1v1vwCg4nQWrBZ5QoPw/TjCxa4XkCb+aGg=

=sHDu

-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.vmware.com/pipermail/security-announce/attachments/20180814/0bbb1aeb/attachment.html>


More information about the Security-announce mailing list