{"id":446,"date":"2018-01-05T13:34:16","date_gmt":"2018-01-05T13:34:16","guid":{"rendered":"http:\/\/michaelstoica.com\/?p=446"},"modified":"2018-01-05T13:34:16","modified_gmt":"2018-01-05T13:34:16","slug":"vmware-vmsa-2018-0002-vmsa-2018-0003","status":"publish","type":"post","link":"https:\/\/michaelstoica.com\/site\/vmware-vmsa-2018-0002-vmsa-2018-0003\/","title":{"rendered":"VMware VMSA-2018-0002 & VMSA-2018-0003"},"content":{"rendered":"

Google Prohect Zero released these days information about two vulnerabilities found on all major CPUs vendors: Meltdown – CVE-2017-5754<\/strong>\u00a0 rogue data cache load and Spectre – CVE-2017-5753 & CVE2017-5715<\/strong> bounds check bypass and branch target injection. You can read more about these here: https:\/\/googleprojectzero.blogspot.ro\/2018\/01\/reading-privileged-memory-with-side.html and\u00a0https:\/\/thehackernews.com\/2018\/01\/meltdown-spectre-vulnerability.html<\/p>\n

VMware released yesterday and today two security advisors that address this issue:\u00a0VMSA-2018-0002<\/strong> VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution and\u00a0VMSA-2018-0003<\/strong> vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.<\/p>\n

The VMSA-2018-002 address the following issue “CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.”<\/p>\n

Products that are affected:<\/p>\n