-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2018-0002.1 Severity: Important Synopsis: VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. Issue date: 2018-01-03 Updated on: 2018-01-09 CVE number: CVE-2017-5753, CVE-2017-5715 1. Summary VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. Notes: Hypervisor mitigation can be classified into the two following categories: - Hypervisor-Specific remediation (documented in this advisory) - Hypervisor-Assisted Guest Remediation (documented in VMSA-2018-0004) The ESXi patches and new versions of Workstation and Fusion of VMSA-2018-0004 include the Hypervisor-Specific remediation documented in this VMware Security Advisory. More information on the types of remediation may be found in VMware Knowledge Base article 52245. 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description Bounds Check bypass and Branch Target Injection issues CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability. Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues. Column 5 of the following table lists the action required to remediate the observed vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation Product Version on Severity Apply patch Workaround ========== ======= ======= ========= ============= ========== ESXi 6.5 Any Important ESXi650-201712101-SG None ESXi 6.0 Any Important ESXi600-201711101-SG None ESXi 5.5 Any Important ESXi550-201801401-BG None Workstation 14.x Any N/A Not affected N/A Workstation 12.x Any Important 12.5.8 None Fusion 10.x OS X N/A Not affected N/A Fusion 8.x OS X Important 8.5.9 None 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/2151099 VMware ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/2151132 VMware ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/52127 VMware Workstation Pro, Player 12.5.8 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://www.vmware.com/support/pubs/ws_pubs.html VMware Fusion Pro / Fusion 12.5.9 Downloads and Documentation: https://www.vmware.com/go/downloadfusion https://www.vmware.com/support/pubs/fusion_pubs.html 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 - ------------------------------------------------------------------------ 6. Change log 2018-01-03 VMSA-2018-0002 Initial security advisory 2018-01-09 VMSA-2018-0002.1 Updated security advisor after release of ESXi 5.5 patch (ESXi550-201801401-BG) that has remediation against CVE-2017-5715 and CVE-2017-5753 on 2018-01-09. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFaVP3CDEcm8Vbi9kMRArzpAJ9xUsdyCoBAo7EoTJ8lqOOx6eviJwCePKP0 vCwPRyfTrEeGiXngi/T5j5s= =GPG6 -----END PGP SIGNATURE-----