VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
Hypervisor mitigation can be classified into the two following categories:
- Hypervisor-Specific remediation (documented in this advisory)
- Hypervisor-Assisted Guest Remediation (documented in VMSA-2018-0004)
The ESXi patches and new versions of Workstation and Fusion of VMSA-2018-0004 include the Hypervisor-Specific remediation documented in this VMware Security Advisory.
More information on the types of remediation may be found in VMware Knowledge Base article 52245.
Bounds-Check bypass and Branch Target Injection issues
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.
Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.
Column 5 of the following table lists the action required to remediate the observed vulnerability in each release, if a solution is available.
* This patch mitigates CVE-2017-5715 but not CVE-2017-5753. Please see KB52345 for important information on ESXi microcode patches.
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 6.5
VMware ESXi 5.5
VMware Workstation Pro, Player 12.5.8
VMware Fusion Pro / Fusion 8.5.9
Downloads and Documentation:
6. Change log
Initial security advisory
Updated security advisory after release of ESXi 5.5 patch (ESXi550-201801401-BG) that has remediation against both CVE-2017-5753 and CVE-2017-5715 on 2018-01-09.
Updated security advisory with microcode information found in KB52345.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
PGP key at:
VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2018 VMware Inc. All rights reserved.