Advisory ID: VMSA-2019-0020
Advisory Severity: Moderate
CVSSv3 Range: 6.5
Synopsis: VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
Issue Date: 2019-11-12
Updated On: 2019-11-12 (Initial Advisory)
CVE(s): CVE-2018-12207, CVE-2019-11135
1. Impacted Products
  • VMware ESXi
  • VMware Workstation
  • VMware Fusion
2. Introduction
Vulnerabilities have been disclosed which affect Intel processors:
  • CVE-2018-12207 - Machine Check Error on Page Size Change (MCEPSC)
  • CVE-2019-11135 - TSX Asynchronous Abort (TAA)

VMware Hypervisor patches are available which provide mitigation options for both CVE-2018-12207 and CVE-2019-11135.

3a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207)

Description:

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

 

Known Attack Vectors:

A malicious actor with local access to execute code in a virtual machine may be able to trigger a purple diagnostic screen or immediate reboot of the Hypervisor hosting the virtual machine, resulting in a denial-of-service condition.

 

Resolution:

To mitigate CVE-2018-12207, refer to the 'Response Matrix' below. First apply all patches listed in the 'Fixed Version' column, then follow the instructions found in the KB article in the 'Additional Documentation' column for your respective product.

 

Workarounds:

None.

 

Additional Documentation:

Because the mitigations for CVE-2018-12207 may have a performance impact, they are not enabled by default. After applying all patches from the 'Fixed Version' column below, the mitigation can be enabled by following the instructions found in the KB article in the 'Additional Documentation' column for the product. Review the performance impact data in KB76050 before enabling this mitigation.

 

Notes:

None.

 

Acknowledgements:

None.

 

Response Matrix:

| Product | Version | Running On | CVE Identifier | CVSSV3 | Severity | Fixed Version | Workarounds | Additional Documents |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ESXi | 6.7 | Any | CVE-2018-12207 | 6.5 | Moderate | ESXi670-201911401-BG, ESXi670-201911402-BG | None | KB59139 |
| ESXi | 6.5 | Any | CVE-2018-12207 | 6.5 | Moderate | ESXi650-201911401-BG, ESXi650-201911402-BG | None | KB59139 |
| ESXi | 6.0 | Any | CVE-2018-12207 | 6.5 | Moderate | ESXi600-201911401-BG, ESXi600-201911402-BG | None | KB59139 |
| Workstation | 15.x | Any | CVE-2018-12207 | N/A | N/A | Unaffected | N/A | N/A |
| Fusion | 11.x | Any | CVE-2018-12207 | N/A | N/A | Unaffected | N/A | N/A |

3b. Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) Speculative-Execution vulnerability (CVE-2019-11135)

Description:

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

 

Known Attack Vectors:

A malicious actor with local access to execute code in a virtual machine may be able to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself. This vulnerability is only applicable to Hypervisors utilizing 2nd Generation Intel® Xeon® Scalable Processors (formerly known as Cascade Lake) microarchitecture.

 

Resolution:

To mitigate CVE-2019-11135, apply all patches listed in the 'Fixed Version' column found in the 'Response Matrix' below.

 

Workarounds:

None.

 

Additional Documentation:

None.

 

Notes:

None.

 

Acknowledgements:

None.

 

Response Matrix:

| Product | Version | Running On | CVE Identifier | CVSSV3 | Severity | Fixed Version | Workarounds | Additional Documents |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ESXi | 6.7 | Any | CVE-2019-11135 | 6.5 | Moderate | ESXi670-201911401-BG, ESXi670-201911402-BG | None | None |
| ESXi | 6.5 | Any | CVE-2019-11135 | 6.5 | Moderate | ESXi650-201911401-BG, ESXi650-201911402-BG | None | None |
| ESXi | 6.0 | Any | CVE-2019-11135 | 6.5 | Moderate | ESXi600-201911401-BG, ESXi600-201911402-BG | None | None |
| Workstation | 15.x | Any | CVE-2019-11135 | 6.5 | Moderate | 15.5.1 | None | None |
| Fusion | 11.x | Any | CVE-2019-11135 | 6.5 | Moderate | 11.5.1 | None | None |

5. Change log
 

2019-11-12: VMSA-2019-0020 

Initial security advisory detailing Hypervisor-Specific Mitigations for CVE-2018-12207 and CVE-2019-11135 in VMware ESXi, Workstation, and Fusion.

 

6. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2019 VMware Inc. All rights reserved.

 
