VMSA-2018-0002

VMSA-2018-0002

This post was originally published on this site ---

--- This is a critical security advisory from VMware (VMSA) ---

Today VMware has released the following new security advisory:

VMSA-2017-0002 – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

This advisory documents remediation for known variants of the Bounds-Check Bypass (CVE-2017-5753) and Branch Target Injection (CVE-2017-5715) issues due to speculative execution disclosed today by Google Project Zero. These issues may result in information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host.

A third issue due to speculative execution, Rogue Data Cache Load (CVE-2017-5754), was disclosed along the other two issues. It does not affect ESXi, Workstation, and Fusion because ESXi does not run untrusted user mode code, and Workstation and Fusion rely on the protection that the underlying operating system provides.

The remediation as documented in VMSA-2017-0002, has been present in VMware Cloud on AWS since early December 2017.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

The post VMSA-2018-0002 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *