VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution


--- This is a critical security advisory from VMware (VMSA) ---

Greetings from the VMware Security Response Center!

We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have removed CVE-2017-5715 from the advisory.

The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities.

Because CVE-2017-5753 (Meltdown) is considered by some to be the most severe/exploitable of the issues, we did not want to wait for CVE-2017-5715 (Spectre-2) mitigations while Spectre-1/Meltdown fixes were ready to ship. We also understand that some customers may want to delay updating until all mitigations are in place. While we strongly recommend taking updates as soon as they become available, we wanted to be transparent about the fact that more updates are on the way.

Products will be enumerated in a new advisory when either of the following requirements is met to mitigate CVE-2017-5715:

1. IBPB/IBRS is supported.
2. Retpoline is supported.

Because this is an ongoing issue, VMware appliances will continue to accept improved open source mitigations as they are created.
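
A defender-side check for the two criteria listed above, as an added example that is not part of VMware's advisory. It assumes a Linux guest whose kernel reports its Spectre-2 state in `/sys/devices/system/cpu/vulnerabilities/spectre_v2`; the function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware code): classify a Linux spectre_v2 status line
# against the two CVE-2017-5715 criteria named above.
# Assumption: the guest kernel exposes the sysfs file below.
SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Prints one of: retpoline, ibrs-ibpb, retpoline+ibrs-ibpb,
# other-mitigation, vulnerable, not-affected, unknown
classify_spectre_v2() {
    case $1 in
        "Not affected"*) echo not-affected; return 0 ;;
        Vulnerable*)     echo vulnerable;   return 0 ;;
        Mitigation:*)    ;;
        *)               echo unknown;      return 0 ;;
    esac
    # IBRS_FW only guards firmware calls and "IBPB: disabled" is no
    # protection, so drop both before looking for IBRS/IBPB.
    rest=$(printf '%s\n' "$1" | sed 's/IBRS_FW//g; s/IBPB: disabled//g')
    verdict=
    case $rest in *[Rr]etpoline*) verdict=retpoline ;; esac
    case $rest in
        *IBRS*|*IBPB*) verdict=${verdict:+$verdict+}ibrs-ibpb ;;
    esac
    echo "${verdict:-other-mitigation}"
}

# Classify the running host; reports "unknown" if the file is missing.
check_host() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        classify_spectre_v2 "$(cat "$SPECTRE_V2_FILE")"
    else
        echo unknown
    fi
}

# Constructed sample status lines, in the format the kernel prints.
for sample in \
    "Vulnerable" \
    "Mitigation: Full generic retpoline" \
    "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling" \
    "Mitigation: Full generic retpoline, IBPB: disabled, IBRS_FW"
do
    printf '%-22s %s\n' "$(classify_spectre_v2 "$sample")" "$sample"
done
```

Calling `check_host` on a guest prints the verdict for the running kernel; a result of `vulnerable` or `unknown` means neither criterion can be confirmed from the kernel's own report.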

The post VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution appeared first on VMware Security & Compliance Blog.
