VMSA-2018-0007

VMware Virtual Appliance updates address side-channel analysis due to speculative execution

VMware Security Advisory

Advisory ID: VMSA-2018-0007
Severity: Important
Synopsis: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
Issue date: 2018-02-08
Updated on: 2018-02-08
CVE numbers: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

1. Summary

VMware Virtual Appliance updates address side-channel analysis due to speculative execution


Note:

This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

For more information, please see Knowledge Base article 52264.

These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245.

2. Relevant Products
  • vCloud Usage Meter (UM)
  • Identity Manager (vIDM)
  • vCenter Server (vCSA)
  • vSphere Data Protection (VDP)
  • vSphere Integrated Containers (VIC)
  • vRealize Automation (vRA)

3. Problem Description

VMware Virtual Appliance Mitigations for Bounds-Check bypass, Branch Target Injection, and Rogue data cache load issues
 

CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.


The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5715 (Branch Target Injection), and CVE-2017-5754 (Rogue data cache load) to these issues.

 

Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.

VMware Product  Product Version  Running on  Severity   Replace with/ Apply Patch  Mitigation/ Workaround
==============  ===============  ==========  =========  =========================  ======================
UM              3.x              VA          Important  Patch Pending              KB52467
vIDM            3.x, 2.x         VA          Important  Patch Pending              KB52284
vCSA            6.5              VA          Important  Patch Pending              KB52312
vCSA            6.0              VA          Important  Patch Pending              KB52312
vCSA            5.5              VA          N/A        Unaffected                 N/A
VDP             6.x              VA          Important  Patch Pending              None
VIC             1.x              VA          Important  1.3.1                      None
vRA             7.x              VA          Important  Patch Pending              KB52377
vRA             6.x              VA          Important  Patch Pending              KB52497


4. Solution

 

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

 

vSphere Integrated Containers 1.3.1

Downloads and Documentation:

https://my.vmware.com/group/vmware/get-download?downloadGroup=VIC131
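
After a patch or KB workaround from the table above has been applied, the guest kernel's own report for the three CVEs can be read from inside the appliance. The script below is an added example and not VMware code; it assumes the appliance's Linux kernel exposes the sysfs vulnerabilities directory, and the function names and sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not VMware code. Assumption: the appliance's Linux kernel
# exposes the sysfs "vulnerabilities" directory (mainline 4.15+ or a vendor
# backport); on older kernels the files are absent and reported as "unknown".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE: print mitigated, not-affected, vulnerable or unknown.
classify_status() {
    if [ ! -r "$1" ]; then
        echo unknown
        return 0
    fi
    line=$(head -n 1 "$1")
    case "$line" in
        "Not affected"*) echo not-affected ;;
        "Mitigation"*)   echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_appliance [DIR]: one line per CVE from the advisory; exit status 0
# only when no entry is vulnerable or unknown.
check_appliance() {
    dir=${1:-$VULN_DIR}
    rc=0
    for pair in CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2 \
                CVE-2017-5754:meltdown; do
        cve=${pair%%:*}
        file=${pair#*:}
        result=$(classify_status "$dir/$file")
        printf '%s %s %s\n' "$cve" "$file" "$result"
        case "$result" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample directory (not captured from a real appliance).
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "$d"
}
```

Source the file and run `check_appliance` with no argument on the appliance; `check_appliance "$(make_sample)"` shows the output format against the constructed sample. An "unknown" result means the kernel does not report status through sysfs, not that the appliance is unpatched.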

6. Change log

 

2018-02-08: VMSA-2018-0007
Initial security advisory in conjunction with the release of vSphere Integrated Containers 1.3.1 on 2018-02-08.

 

7. Contact

 

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

http://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2018 VMware Inc. All rights reserved.

 
