-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2018-0012.1 Severity: Moderate Synopsis: VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue Issue date: 2018-05-21 Updated on: 2018-06-28 CVE number: CVE-2018-3639 1. Summary VMware vSphere, Workstation and Fusion updates enable Hypervisor- Assisted Guest Mitigations for Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor- Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates. 2. Relevant Products VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (GOS) can remediate the Speculative Store bypass issue (CVE-2018-3639) using the Speculative-Store- Bypass-Disable (SSBD) control bit. This issue may allow for information disclosure in applications and/or execution runtimes which rely on managed code security mechanisms. Based on current evaluations, we do not believe that CVE-2018-3639 could allow for VM to VM or Hypervisor to VM Information disclosure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3639 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround =========== ======= ======= ======== ==================== ========== VC 6.7 Any Moderate 6.7.0b * None VC 6.5 Any Moderate 6.5 U2b * None VC 6.0 Any Moderate 6.0 U3f * None VC 5.5 Any Moderate 5.5 U3i * None ESXi 6.7 Any Moderate ESXi670-201806401-BG * None ESXi670-201806402-BG ** ESXi 6.5 Any Moderate ESXi650-201806401-BG * None ESXi650-201806402-BG ** ESXi 6.0 Any Moderate ESXi600-201806401-BG * None ESXi600-201806402-BG ** ESXi 5.5 Any Moderate ESXi550-201806401-BG * None ESXi550-201806402-BG ** Workstation 14.x Any Moderate 14.1.2 * None Fusion 10.x OSX Moderate 10.1.2 * None * There are additional VMware and 3rd party requirements for CVE-2018-3639 mitigation beyond applying these updates. Please see VMware Knowledge Base article 55111 for details. ** If available, these ESXi patches apply the required microcode updates. The included microcode updates are documented in the VMware Knowledge Base articles listed in the Solution section. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Server 6.7.0b Downloads: https://my.vmware.com/web/vmware/details?downloadGroup=VC670B&productId=742 &rPId=24511 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670 b-release-notes.html vCenter Server 6.5 U2b Downloads: https://my.vmware.com/web/vmware/details?downloadGroup=VC65U2B&productId=61 4&rPId=24437 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u 2b-release-notes.html vCenter Server 6.0 U3f Downloads: https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3F&productId=49 1&rPId=24398 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u 3f-release-notes.html vCenter Server 5.5 U3i Downloads: https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3I&productId=35 3&rPId=24327 Documentation: https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u 3i-release-notes.html VMware ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55920 https://kb.vmware.com/kb/55921 (microcode) VMware ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55915 https://kb.vmware.com/kb/55916 (microcode) VMware ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55910 https://kb.vmware.com/kb/55911 (microcode) VMware ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55905 https://kb.vmware.com/kb/55906 (microcode) VMware Workstation Pro, Player 14.1.2 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://www.vmware.com/go/downloadplayer VMware Fusion Pro / Fusion 10.1.2 Downloads and Documentation: https://www.vmware.com/go/downloadfusion 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://kb.vmware.com/kb/54951 https://kb.vmware.com/kb/55111 - ------------------------------------------------------------------------ 6. Change log 2018-05-21: VMSA-2018-0012 Initial security advisory in conjunction with the release of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21. 2018-06-28: VMSA-2018-0012.1 Updated security advisory in conjunction with the release of vCenter Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 - 6.7 patches on 2018-06-28. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy aN23XiAmhvFSxcQ5GnJR0ls= =frKv -----END PGP SIGNATURE-----