VMSA-2018-0007: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
23536
05 February 2018
05 February 2018
CLOSED
HIGH
CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
VMSA-2018-0007.6
VMware Security Advisory
1. Summary
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
To clarify the mitigations provided in specific releases, CVE-2017-5753 (Spectre-1) and CVE-2017-5754 (Meltdown) have been separated from CVE-2017-5715 (Spectre-2). Details on this change can be found in our companion blog.
This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
For more information please see Knowledge Base article 52264.
These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245.
2. Relevant Products
- vCloud Usage Meter (UM)
- Identity Manager (vIDM)
- vCenter Server (vCSA)
- vSphere Data Protection (VDP)
- vSphere Integrated Containers (VIC)
- vRealize Automation (vRA)
3. Problem Description
a. VMware Virtual Appliance Mitigations for Bounds-Check bypass (Spectre-1) and Rogue data cache load (Meltdown) issues
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5754 (Rogue data cache load) to these issues.
Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.
VMware Product | Product Version | Running on | Severity | Replace with/ Apply Patch | Mitigation/ Workaround
b. VMware Virtual Appliance Mitigations for Branch Target Injection (Spectre-2)
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-5715 (Branch Target Injection) to this issue.
Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.
VMware Product | Product Version | Running on | Severity | Replace with/ Apply Patch | Mitigation/ Workaround
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Identity Manager 3.2
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_identity_manager/3_2
VMware vRealize Automation 7.3.1
Downloads:
Documentation:
https://docs.vmware.com/en/vRealize-Automation/index.html
vCenter Server Appliance 6.5 U1f
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
vCenter Server Appliance 6.5 U2a
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
vCenter Server Appliance 6.0 U3g
Downloads:
https://my.vmware.com/web/vmware/details?productId=491&rPId=30130&downloadGroup=VC60U3G
Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3g-release-notes.html
vSphere Integrated Containers 1.3.1
Downloads and Documentation:
https://my.vmware.com/group/vmware/get-download?downloadGroup=VIC131
vSphere Data Protection (VDP) 6.1.8
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=614&downloadGroup=VDP618
https://www.vmware.com/support/pubs/vdr_pubs.html
vSphere Integrated Containers (VIC) 1.4.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIC141&productId=749&rPId=24635
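Once an update is applied, the guest kernel's own report for the three CVEs in this advisory can be checked from the appliance shell. The following is an added example, not VMware code. It assumes the appliance kernel exposes the Linux sysfs directory /sys/devices/system/cpu/vulnerabilities (mainline 4.15 and later, or a vendor backport); the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the kernel's view of the three CVEs in this advisory.
# Assumption: the guest kernel exposes /sys/devices/system/cpu/vulnerabilities.
# Usage on the appliance: check_appliance
# Constructed sample: a file reading "Mitigation: PTI" is reported as MITIGATED.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map each CVE from the advisory to the sysfs file name the kernel uses.
cve_to_file() {
    case "$1" in
        CVE-2017-5753) echo spectre_v1 ;;
        CVE-2017-5715) echo spectre_v2 ;;
        CVE-2017-5754) echo meltdown ;;
        *) return 1 ;;
    esac
}

# Print one of: MITIGATED, NOT_AFFECTED, VULNERABLE, UNKNOWN.
cve_status() {
    cve=$1; dir=${2:-$VULN_DIR_DEFAULT}
    file=$(cve_to_file "$cve") || { echo UNKNOWN; return 0; }
    # Missing file: the kernel predates the reporting interface, so nothing is proven.
    [ -r "$dir/$file" ] || { echo UNKNOWN; return 0; }
    IFS= read -r line < "$dir/$file" || true
    case "$line" in
        "Mitigation:"*)  echo MITIGATED ;;
        "Not affected"*) echo NOT_AFFECTED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# Print one line per CVE; return non-zero unless all are mitigated or not affected.
check_appliance() {
    dir=${1:-$VULN_DIR_DEFAULT}; rc=0
    for cve in CVE-2017-5753 CVE-2017-5715 CVE-2017-5754; do
        st=$(cve_status "$cve" "$dir")
        printf '%s %s\n' "$cve" "$st"
        case "$st" in MITIGATED|NOT_AFFECTED) ;; *) rc=1 ;; esac
    done
    return $rc
}
```

An UNKNOWN result means the kernel does not report on that issue; it does not show that the issue is mitigated.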
5. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
https://kb.vmware.com/kb/52264
https://kb.vmware.com/kb/52245
https://kb.vmware.com/kb/52467
https://kb.vmware.com/kb/52284
https://kb.vmware.com/kb/52312
https://kb.vmware.com/kb/52377
https://kb.vmware.com/kb/52497
6. Change log
2018-02-08: VMSA-2018-0007
Initial security advisory in conjunction with the release of vSphere Integrated Containers 1.3.1 on 2018-02-08.
2018-02-15: VMSA-2018-0007.1
Split CVE-2017-5753 and CVE-2017-5754 from CVE-2017-5715 for clarity in conjunction with vCenter Server Appliance 6.5 U1f updates on 2018-02-15.
2018-03-15: VMSA-2018-0007.2
Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15.
2018-05-03: VMSA-2018-0007.3
Updated in conjunction with the release of vSphere Data Protection (VDP) 6.1.8 on 2018-05-03.
2018-05-31: VMSA-2018-0007.4
Updated in conjunction with the release of vCenter Server (vCSA) 6.5 U2a on 2018-05-31.
2018-07-13: VMSA-2018-0007.5
Updated in conjunction with the release of vSphere Integrated Containers (VIC) 1.4.1 on 2018-07-12.
2019-02-13: VMSA-2018-0007.6
Updated to correct the oversight that vCSA 6.0u3g resolved CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 on 2018-07-26.
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2018 VMware Inc. All rights reserved.