Moderate

VMSA-2022-0020.1
5.6
2022-07-12
2022-08-09
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

Share this page on social media

Sign up for Security Advisories

1. Impacted Products
  • VMware ESXi
  • VMware Cloud Foundation
2. Introduction

Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products.

3. Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities

Description

VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6.

Known Attack Vectors

A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host.

Resolution

To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, and CVE-2022-26373, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below. These patches do not introduce performance impact.

Workarounds

None.

Additional Documentation

A supplemental FAQ was created for additional clarification.

Notes

CVE-2022-26373 was disclosed by Intel on August 9th, 2022. VMware ESXi patches previously provided also mitigate CVE-2022-26373.

Acknowledgements

None.

Response Matrix:

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
ESXi
7.0
Any
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
moderate
None
ESXi
6.7
Any
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
moderate
None
ESXi
6.5
Any
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
moderate
None

Impacted Product Suites that Deploy Response Matrix Components:

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Cloud Foundation (ESXi)
4.x
Any
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
moderate
None
Cloud Foundation (ESXi)
3.x
Any
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373
moderate
None
4. References
5. Change Log

2022-07-12: VMSA-2022-0020
Initial security advisory.

2022-08-09: VMSA-2022-0020.1
Added CVE-2022-26373 to advisory in conjunction with its public disclosure by Intel. VMware ESXi patches previously provided also mitigate CVE-2022-26373.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2022 VMware Inc. All rights reserved.