[Security-announce] NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution

VMware Security Announcements security-announce at lists.vmware.com
Wed Jan 3 16:15:05 PST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

                               VMware Security Advisory

Advisory ID: VMSA-2018-0002
Severity:    Important
Synopsis:    VMware ESXi, Workstation and Fusion updates address
             side-channel analysis due to speculative execution.
Issue date:  2018-01-03
Updated on:  2018-01-03 ((Initial Advisory)
CVE number:  CVE-2017-5753, CVE-2017-5715

1. Summary

   VMware ESXi, Workstation and Fusion updates address side-channel
   analysis due to speculative execution.

2. Relevant Products

   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

   Bounds Check bypass and Branch Target Injection issues

   CPU data cache timing can be abused to efficiently leak information
   out of mis-speculated CPU execution, leading to (at worst) arbitrary
   virtual memory read vulnerabilities across local security boundaries
   in various contexts. (Speculative execution is an automatic and
   inherent CPU performance optimization used in all modern processors.)
   ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass
   and Branch Target Injection issues resulting from this vulnerability.

   Result of exploitation may allow for information disclosure from one
   Virtual Machine to another Virtual Machine that is running on the
   same host. The remediation listed in the table below is for the known
   variants of the Bounds Check Bypass and Branch Target Injection
   issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and
   CVE-2017-5715 (Branch Target Injection) to these issues.

   Column 5 of the following table lists the action required to
   remediate the observed vulnerability in each release, if a solution
   is available.

   VMware     Product Running           Replace with/         Mitigation
   Product    Version on      Severity  Apply patch           Workaround
   ========== ======= ======= ========= =============         ==========

   ESXi        6.5    Any     Important ESXi650-201712101-SG   None
   ESXi        6.0    Any     Important ESXi600-201711101-SG   None
   ESXi        5.5    Any     Important ESXi550-201709101-SG * None

   Workstation 14.x   Any     N/A       Not affected           N/A
   Workstation 12.x   Any     Important 12.5.8                 None

   Fusion      10.x   OS X    N/A       Not affected           N/A
   Fusion      8.x    OS X    Important 8.5.9                  None

   * This patch has remediation against CVE-2017-5715 but not against
     CVE-2017-5753.


4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware ESXi 6.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/2151099

   VMware ESXi 6.0
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/2151132

   VMware ESXi 5.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/2150876

   VMware Workstation Pro, Player 12.5.8
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Fusion Pro / Fusion 12.5.9
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
   https://www.vmware.com/support/pubs/fusion_pubs.html


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715


- ------------------------------------------------------------------------
6. Change log

   2018-01-03 VMSA-2018-0002
   Initial security advisory


- ------------------------------------------------------------------------
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce at lists.vmware.com
     bugtraq at securityfocus.com
     fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFaTXExDEcm8Vbi9kMRAr/VAKCOxT1EMDwsspzs5Yc5ENEeQYLEewCgtBlV
FRCvDfKfRLj6SdaI0n+/XY4=
=K5mR
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.vmware.com/pipermail/security-announce/attachments/20180104/2a60d917/attachment.html>


More information about the Security-announce mailing list