<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:8pt;color:#000000;font-family:'Courier New',monospace;" dir="ltr">
<p style="margin-top:0;margin-bottom:0"></p>
<div>-----BEGIN PGP SIGNED MESSAGE-----</div>
<div>Hash: SHA1</div>
<div><br>
</div>
<div>- ------------------------------------------------------------------------</div>
<div><br>
</div>
<div> VMware Security Advisory</div>
<div><br>
</div>
<div>Advisory ID: VMSA-2018-0002.1</div>
<div>Severity: Important</div>
<div>Synopsis: VMware ESXi, Workstation and Fusion updates address </div>
<div> side-channel analysis due to speculative execution.</div>
<div>Issue date: 2018-01-03 </div>
<div>Updated on: 2018-01-09</div>
<div>CVE number: CVE-2017-5753, CVE-2017-5715</div>
<div><br>
</div>
<div>1. Summary</div>
<div><br>
</div>
<div> VMware ESXi, Workstation and Fusion updates address side-channel</div>
<div> analysis due to speculative execution.</div>
<div><br>
</div>
<div> Notes:</div>
<div> </div>
<div> Hypervisor mitigation can be classified into the two following</div>
<div> categories:</div>
<div> - Hypervisor-Specific remediation (documented in this advisory)</div>
<div> - Hypervisor-Assisted Guest Remediation (documented in</div>
<div> VMSA-2018-0004)</div>
<div><br>
</div>
<div> The ESXi patches and new versions of Workstation and Fusion of</div>
<div> VMSA-2018-0004 include the Hypervisor-Specific remediation documented</div>
<div> in this VMware Security Advisory.</div>
<div><br>
</div>
<div> More information on the types of remediation may be found in VMware</div>
<div> Knowledge Base article 52245.</div>
<div><br>
</div>
<div>2. Relevant Products</div>
<div><br>
</div>
<div> VMware vSphere ESXi (ESXi)</div>
<div> VMware Workstation Pro / Player (Workstation) </div>
<div> VMware Fusion Pro / Fusion (Fusion) </div>
<div><br>
</div>
<div>3. Problem Description</div>
<div><br>
</div>
<div> Bounds Check bypass and Branch Target Injection issues </div>
<div><br>
</div>
<div> CPU data cache timing can be abused to efficiently leak information</div>
<div> out of mis-speculated CPU execution, leading to (at worst) arbitrary</div>
<div> virtual memory read vulnerabilities across local security boundaries</div>
<div> in various contexts. (Speculative execution is an automatic and</div>
<div> inherent CPU performance optimization used in all modern processors.)</div>
<div> ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass</div>
<div> and Branch Target Injection issues resulting from this vulnerability. </div>
<div><br>
</div>
<div> Result of exploitation may allow for information disclosure from one</div>
<div> Virtual Machine to another Virtual Machine that is running on the</div>
<div> same host. The remediation listed in the table below is for the known</div>
<div> variants of the Bounds Check Bypass and Branch Target Injection</div>
<div> issues. </div>
<div><br>
</div>
<div> The Common Vulnerabilities and Exposures project (cve.mitre.org) has</div>
<div> assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and</div>
<div> CVE-2017-5715 (Branch Target Injection) to these issues.</div>
<div><br>
</div>
<div> Column 5 of the following table lists the action required to</div>
<div> remediate the observed vulnerability in each release, if a solution</div>
<div> is available.</div>
<div> </div>
<div> VMware Product Running Replace with/ Mitigation</div>
<div> Product Version on Severity Apply patch Workaround</div>
<div> ========== ======= ======= ========= ============= ==========</div>
<div><br>
</div>
<div> ESXi 6.5 Any Important ESXi650-201712101-SG None</div>
<div> ESXi 6.0 Any Important ESXi600-201711101-SG None</div>
<div> ESXi 5.5 Any Important ESXi550-201801401-BG None</div>
<div><br>
</div>
<div> Workstation 14.x Any N/A Not affected N/A</div>
<div> Workstation 12.x Any Important 12.5.8 None </div>
<div> </div>
<div> Fusion 10.x OS X N/A Not affected N/A</div>
<div> Fusion 8.x OS X Important 8.5.9 None </div>
<div><br>
</div>
<div><br>
</div>
<div>4. Solution</div>
<div><br>
</div>
<div> Please review the patch/release notes for your product and</div>
<div> version and verify the checksum of your downloaded file.</div>
<div><br>
</div>
<div> VMware ESXi 6.5</div>
<div> Downloads: </div>
<div> https://my.vmware.com/group/vmware/patch</div>
<div> Documentation: </div>
<div> http://kb.vmware.com/kb/2151099</div>
<div><br>
</div>
<div> VMware ESXi 6.0</div>
<div> Downloads: </div>
<div> https://my.vmware.com/group/vmware/patch</div>
<div> Documentation: </div>
<div> http://kb.vmware.com/kb/2151132</div>
<div><br>
</div>
<div> VMware ESXi 5.5</div>
<div> Downloads: </div>
<div> https://my.vmware.com/group/vmware/patch</div>
<div> Documentation: </div>
<div> http://kb.vmware.com/kb/52127</div>
<div><br>
</div>
<div> VMware Workstation Pro, Player 12.5.8</div>
<div> Downloads and Documentation:</div>
<div> https://www.vmware.com/go/downloadworkstation</div>
<div> https://www.vmware.com/support/pubs/ws_pubs.html</div>
<div><br>
</div>
<div> VMware Fusion Pro / Fusion 12.5.9</div>
<div> Downloads and Documentation: </div>
<div> https://www.vmware.com/go/downloadfusion </div>
<div> https://www.vmware.com/support/pubs/fusion_pubs.html </div>
<div> </div>
<div> </div>
<div>5. References</div>
<div><br>
</div>
<div> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753</div>
<div> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715</div>
<div><br>
</div>
<div><br>
</div>
<div>- ------------------------------------------------------------------------</div>
<div>6. Change log</div>
<div><br>
</div>
<div> 2018-01-03 VMSA-2018-0002</div>
<div> Initial security advisory</div>
<div><br>
</div>
<div> 2018-01-09 VMSA-2018-0002.1</div>
<div> Updated security advisor after release of ESXi 5.5 patch</div>
<div> (ESXi550-201801401-BG) that has remediation against CVE-2017-5715 and</div>
<div> CVE-2017-5753 on 2018-01-09.</div>
<div><br>
</div>
<div>- ------------------------------------------------------------------------</div>
<div>7. Contact</div>
<div><br>
</div>
<div> E-mail list for product security notifications and announcements:</div>
<div> http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce</div>
<div><br>
</div>
<div> This Security Advisory is posted to the following lists:</div>
<div> </div>
<div> security-announce@lists.vmware.com</div>
<div> bugtraq@securityfocus.com</div>
<div> fulldisclosure@seclists.org</div>
<div><br>
</div>
<div> E-mail: security@vmware.com</div>
<div> PGP key at: https://kb.vmware.com/kb/1055</div>
<div><br>
</div>
<div> VMware Security Advisories</div>
<div> http://www.vmware.com/security/advisories</div>
<div><br>
</div>
<div> VMware Security Response Policy</div>
<div> https://www.vmware.com/support/policies/security_response.html</div>
<div><br>
</div>
<div> VMware Lifecycle Support Phases</div>
<div> https://www.vmware.com/support/policies/lifecycle.html</div>
<div> </div>
<div> VMware Security & Compliance Blog</div>
<div> https://blogs.vmware.com/security</div>
<div><br>
</div>
<div> Twitter</div>
<div> https://twitter.com/VMwareSRC</div>
<div><br>
</div>
<div> Copyright 2018 VMware Inc. All rights reserved.</div>
<div><br>
</div>
<div>-----BEGIN PGP SIGNATURE-----</div>
<div>Version: PGP Desktop 9.8.3 (Build 4028)</div>
<div>Charset: utf-8</div>
<div><br>
</div>
<div>wj8DBQFaVP3CDEcm8Vbi9kMRArzpAJ9xUsdyCoBAo7EoTJ8lqOOx6eviJwCePKP0</div>
<div>vCwPRyfTrEeGiXngi/T5j5s=</div>
<div>=GPG6</div>
<div>-----END PGP SIGNATURE-----</div>
<div><br>
</div>
<br>
<p></p>
</div>
</body>
</html>