vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3646 to this issue.
CVE-2018-3646 has two currently known attack vectors which will be referred to as “Sequential-Context” and “Concurrent-Context.”
Attack Vector Summary
Mitigation Summary
Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.