VMSA-2018-0012.1

VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

VMware Security Advisory
 
VMware Security Advisory Advisory ID:
  VMSA-2018-0012.1
VMware Security Advisory Severity:
  Moderate
VMware Security Advisory Synopsis:
  VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
VMware Security Advisory Issue date:
  2018-05-21
VMware Security Advisory Updated on:
  2018-06-28
VMware Security Advisory CVE numbers:
  CVE-2018-3639
1. Summary

VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

 

The mitigations in this advisory are categorized as Hypervisor-Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.

2. Relevant Products
  • VMware vCenter Server (VC)
  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)   
3. Problem Description

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (GOS) can remediate the Speculative Store bypass issue (CVE-2018-3639) using the Speculative-Store-Bypass-Disable (SSBD) control bit. This issue may allow for information disclosure in applications and/or execution runtimes which rely on managed code security mechanisms. Based on current evaluations, we do not believe that CVE-2018-3639 could allow for VM to VM or Hypervisor to VM Information disclosure.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3639 to this issue.

 

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
VMware Product VC
Product Version 6.7
Running on Any
Severity Moderate
Replace with/ Apply Patch 6.7.0b*
Mitigation/ Workaround None
VMware Product VC
Product Version 6.5
Running on Any
Severity Moderate
Replace with/ Apply Patch 6.5 U2b*
Mitigation/ Workaround None
VMware Product VC
Product Version 6.0
Running on Any
Severity Moderate
Replace with/ Apply Patch 6.0 U3f*
Mitigation/ Workaround None
VMware Product VC
Product Version 5.5
Running on Any
Severity Moderate
Replace with/ Apply Patch 5.5 U3i*
Mitigation/ Workaround None
VMware Product ESXi
Product Version 6.7
Running on Any
Severity Moderate
Replace with/ Apply Patch ESXi670-201806401-BG* ESXi670-201806402-BG**
Mitigation/ Workaround None
VMware Product ESXi
Product Version 6.5
Running on Any
Severity Moderate
Replace with/ Apply Patch ESXi650-201806401-BG* ESXi650-201806402-BG**
Mitigation/ Workaround None
VMware Product ESXi
Product Version 6.0
Running on Any
Severity Moderate
Replace with/ Apply Patch ESXi600-201806401-BG* ESXi600-201806402-BG**
Mitigation/ Workaround None
VMware Product ESXi
Product Version 5.5
Running on Any
Severity Moderate
Replace with/ Apply Patch ESXi550-201806401-BG* ESXi550-201806402-BG**
Mitigation/ Workaround None
VMware Product Workstation
Product Version 14.x
Running on Any
Severity Moderate
Replace with/ Apply Patch 14.1.2*
Mitigation/ Workaround None
VMware Product Fusion
Product Version 10.x
Running on Any
Severity Moderate
Replace with/ Apply Patch 10.1.2*
Mitigation/ Workaround None

* There are additional VMware and 3rd party requirements for CVE-2018-3639 mitigation beyond applying these updates. Please see VMware Knowledge Base article 55111 for details.
 ** If available, these ESXi patches apply the required microcode updates. The included microcode updates are documented in the VMware Knowledge Base articles listed in the Solution section.

 

4. Solution

 

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

 

vCenter Server 6.7.0b
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC670B&productId=742&rPId=24511

Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670b-release-notes.html

 

vCenter Server 6.5 U2b
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC65U2B&productId=614&rPId=24437

Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2b-release-notes.html

 

vCenter Server 6.0 U3f
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3F&productId=491&rPId=24398

Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3f-release-notes.html

 

vCenter Server 5.5 U3i
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3I&productId=353&rPId=24327

Documentation:
https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3i-release-notes.html

 

VMware ESXi 6.7
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55920
https://kb.vmware.com/kb/55921 (microcode)

 

VMware ESXi 6.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55915
https://kb.vmware.com/kb/55916 (microcode)

 

VMware ESXi 6.0
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55910
https://kb.vmware.com/kb/55911 (microcode)

 

VMware ESXi 5.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55905
https://kb.vmware.com/kb/55906 (microcode)

 

VMware Workstation Pro, Player 14.1.2

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/go/downloadplayer

 

VMware Fusion Pro / Fusion 10.1.2

Downloads and Documentation:

https://www.vmware.com/go/downloadfusion
 

6. Change log

 

2018-05-21: VMSA-2018-0012

Initial security advisory in conjunction with the release of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

 

2018-06-28: VMSA-2018-0012.1
Updated security advisory in conjunction with the release of vCenter Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 - 6.7 patches on 2018-06-28.

 

7. Contact

 

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

http://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2018 VMware Inc. All rights reserved.

 

Sign up for Security Advisories

Enter your email address: