Twenty Year Anniversary

VMware Security Advisory 2018-0002.1

VMware Security Advisory 2018-0002.1
Posted Jan 10, 2018
Authored by VMware | Site

VMware Security Advisory 2018-0002.1 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 98039a0f8ea7a3f15db5f2c25f082c3e

VMware Security Advisory 2018-0002.1

Change Mirror Download
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2018-0002.1
Severity: Important
Synopsis: VMware ESXi, Workstation and Fusion updates address
side-channel analysis due to speculative execution.
Issue date: 2018-01-03
Updated on: 2018-01-09
CVE number: CVE-2017-5753, CVE-2017-5715

1. Summary

VMware ESXi, Workstation and Fusion updates address side-channel
analysis due to speculative execution.


Hypervisor mitigation can be classified into the two following
- Hypervisor-Specific remediation (documented in this advisory)
- Hypervisor-Assisted Guest Remediation (documented in

The ESXi patches and new versions of Workstation and Fusion of
VMSA-2018-0004 include the Hypervisor-Specific remediation documented
in this VMware Security Advisory.

More information on the types of remediation may be found in VMware
Knowledge Base article 52245.

2. Relevant Products

VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

Bounds Check bypass and Branch Target Injection issues

CPU data cache timing can be abused to efficiently leak information
out of mis-speculated CPU execution, leading to (at worst) arbitrary
virtual memory read vulnerabilities across local security boundaries
in various contexts. (Speculative execution is an automatic and
inherent CPU performance optimization used in all modern processors.)
ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass
and Branch Target Injection issues resulting from this vulnerability.

Result of exploitation may allow for information disclosure from one
Virtual Machine to another Virtual Machine that is running on the
same host. The remediation listed in the table below is for the known
variants of the Bounds Check Bypass and Branch Target Injection

The Common Vulnerabilities and Exposures project ( has
assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and
CVE-2017-5715 (Branch Target Injection) to these issues.

Column 5 of the following table lists the action required to
remediate the observed vulnerability in each release, if a solution
is available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
========== ======= ======= ========= ============= ==========

ESXi 6.5 Any Important ESXi650-201712101-SG None
ESXi 6.0 Any Important ESXi600-201711101-SG None
ESXi 5.5 Any Important ESXi550-201801401-BG None

Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Any Important 12.5.8 None

Fusion 10.x OS X N/A Not affected N/A
Fusion 8.x OS X Important 8.5.9 None

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware ESXi 6.5

VMware ESXi 6.0

VMware ESXi 5.5

VMware Workstation Pro, Player 12.5.8
Downloads and Documentation:

VMware Fusion Pro / Fusion 12.5.9
Downloads and Documentation:

5. References

- ------------------------------------------------------------------------
6. Change log

2018-01-03 VMSA-2018-0002
Initial security advisory

2018-01-09 VMSA-2018-0002.1
Updated security advisor after release of ESXi 5.5 patch
(ESXi550-201801401-BG) that has remediation against CVE-2017-5715 and
CVE-2017-5753 on 2018-01-09.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

PGP key at:

VMware Security Advisories

VMware Security Response Policy

VMware Lifecycle Support Phases

VMware Security & Compliance Blog


Copyright 2018 VMware Inc. All rights reserved.

Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8



RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    2 Files
  • 24
    Jun 24th
    1 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By