[Security-announce] UPDATED VMSA-2018-0002.1 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

VMware Security Announcements security-announce at lists.vmware.com
Tue Jan 9 09:39:22 PST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

                               VMware Security Advisory

Advisory ID: VMSA-2018-0002.1
Severity:    Important
Synopsis:    VMware ESXi, Workstation and Fusion updates address
             side-channel analysis due to speculative execution.
Issue date:  2018-01-03
Updated on:  2018-01-09
CVE number:  CVE-2017-5753, CVE-2017-5715

1. Summary

   VMware ESXi, Workstation and Fusion updates address side-channel
   analysis due to speculative execution.

   Notes:

   Hypervisor mitigation can be classified into the following two
   categories:
   - Hypervisor-Specific remediation (documented in this advisory)
   - Hypervisor-Assisted Guest Remediation (documented in
     VMSA-2018-0004)

   The ESXi patches and new versions of Workstation and Fusion of
   VMSA-2018-0004 include the Hypervisor-Specific remediation documented
   in this VMware Security Advisory.

   More information on the types of remediation may be found in VMware
   Knowledge Base article 52245.

2. Relevant Products

   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

   Bounds Check bypass and Branch Target Injection issues

   CPU data cache timing can be abused to efficiently leak information
   out of mis-speculated CPU execution, leading to (at worst) arbitrary
   virtual memory read vulnerabilities across local security boundaries
   in various contexts. (Speculative execution is an automatic and
   inherent CPU performance optimization used in all modern processors.)
   ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass
   and Branch Target Injection issues resulting from this vulnerability.

   Exploitation may allow information disclosure from one Virtual
   Machine to another Virtual Machine that is running on the same host.
   The remediation listed in the table below is for the known variants
   of the Bounds Check Bypass and Branch Target Injection issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and
   CVE-2017-5715 (Branch Target Injection) to these issues.

   Column 5 of the following table lists the action required to
   remediate the observed vulnerability in each release, if a solution
   is available.

   VMware     Product Running           Replace with/         Mitigation
   Product    Version on      Severity  Apply patch           Workaround
   ========== ======= ======= ========= =============         ==========

   ESXi        6.5    Any     Important ESXi650-201712101-SG   None
   ESXi        6.0    Any     Important ESXi600-201711101-SG   None
   ESXi        5.5    Any     Important ESXi550-201801401-BG   None

   Workstation 14.x   Any     N/A       Not affected           N/A
   Workstation 12.x   Any     Important 12.5.8                 None

   Fusion      10.x   OS X    N/A       Not affected           N/A
   Fusion      8.x    OS X    Important 8.5.9                  None


4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware ESXi 6.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/2151099

   VMware ESXi 6.0
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/2151132

   VMware ESXi 5.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   http://kb.vmware.com/kb/52127

   VMware Workstation Pro, Player 12.5.8
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Fusion Pro / Fusion 12.5.9
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
   https://www.vmware.com/support/pubs/fusion_pubs.html


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715


- ------------------------------------------------------------------------
6. Change log

   2018-01-03 VMSA-2018-0002
   Initial security advisory

   2018-01-09 VMSA-2018-0002.1
   Updated security advisory after release of ESXi 5.5 patch
   (ESXi550-201801401-BG) that has remediation against CVE-2017-5715 and
   CVE-2017-5753 on 2018-01-09.

- ------------------------------------------------------------------------
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce at lists.vmware.com
     bugtraq at securityfocus.com
     fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFaVP3CDEcm8Vbi9kMRArzpAJ9xUsdyCoBAo7EoTJ8lqOOx6eviJwCePKP0
vCwPRyfTrEeGiXngi/T5j5s=
=GPG6
-----END PGP SIGNATURE-----

