VMware Virtual Appliance updates address side-channel analysis due to speculative execution
This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
For more information please see Knowledge Base article 52264.
These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245.
VMware Virtual Appliance Mitigations for Bounds-Check bypass, Branch Target Injection, and Rogue data cache load issues
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5715 (Branch Target Injection), CVE-2017-5754 (Rogue data cache load) to these issues.
Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vSphere Integrated Containers 1.3.1
Downloads and Documentation:
6. Change log
Initial security advisory in conjunction with the release of vSphere Integrated Containers 1.3.1 on 2018-02-08.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
PGP key at:
VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2018 VMware Inc. All rights reserved.