Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2018-0004.3
HistoryJan 10, 2018 - 12:00 a.m.

VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

2018-01-1000:00:00
www.vmware.com
20

EPSS

0.975

Percentile

100.0%

JSON

New speculative-execution control mechanism for Virtual Machines

Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.

To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met. Please note that these points are meant to be a brief overview. For a more in-depth explaination of the mitigation process please see VMware Knowledge Base Article 52085.

VMware Requirements

Third party Requirements

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Related

nessus 75
vmware 1
kaspersky 1
cve 2
cvelist 2
nvd 3
prion 2
openvas 44
redhat 24
oraclelinux 6
centos 6
suse 13
amazon 4
ibm 1
osv 1
debiancve 1
mageia 2
debian 4
threatpost 2
virtuozzo 1
cloudfoundry 1
slackware 1
ubuntu 2
nessus
nessus
VMware Player 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00
VMware Workstation 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00
VMware Fusion 8.x < 8.5.10 / 10.x < 10.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre) (macOS)
2018-01-12 00:00:00
vmware
vmware
VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
2018-01-10 00:00:00
kaspersky
kaspersky
KLA11177 Multiple vulnerabilities in VMware products
2018-01-10 00:00:00
cve
cve
CVE-2017-4950
2018-01-11 14:29:00
CVE-2017-4949
2018-01-11 14:29:00
cvelist
cvelist
CVE-2017-4950
2018-01-11 14:00:00
CVE-2017-4949
2018-01-11 14:00:00
nvd
nvd
CVE-2017-4950
2018-01-11 14:29:00
CVE-2017-4949
2018-01-11 14:29:00
CVE-2017-5715
2018-01-04 13:29:00
prion
prion
Integer overflow
2018-01-11 14:29:00
Design/Logic Flaw
2018-01-11 14:29:00
openvas
openvas
openSUSE: Security Advisory for various KMPs (openSUSE-SU-2018:0745-1)
2018-03-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2631-2)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2018-1233)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2018:0015) Important: linux-firmware security update
2018-01-04 00:45:44
(RHSA-2018:0023) Important: qemu-kvm security update
2018-01-04 16:04:03
(RHSA-2018:1196) Important: kernel security and bug fix update
2018-04-23 12:27:20
oraclelinux
oraclelinux
microcode_ctl security update
2018-01-21 00:00:00
microcode_ctl security update
2018-01-04 00:00:00
libvirt security update
2018-01-05 00:00:00
centos
centos
microcode_ctl security update
2018-01-04 19:41:20
libvirt security update
2018-01-04 19:54:04
microcode_ctl security update
2018-01-04 11:40:52
suse
suse
Security update for kernel-firmware (important)
2018-01-05 18:09:20
Security update for qemu (important)
2018-01-09 21:23:53
Security update for various KMPs (important)
2018-03-20 00:07:10
amazon
amazon
Important: microcode_ctl
2018-02-07 18:54:00
Important: qemu-kvm
2018-01-12 21:24:00
Important: linux-firmware
2018-02-20 21:46:00
ibm
ibm
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715)
2023-04-18 18:22:18
osv
osv
CVE-2017-5715
2018-01-04 13:29:00
debiancve
debiancve
CVE-2017-5715
2018-01-04 13:29:00
mageia
mageia
Updated microcode packages fix security vulnerabilities
2018-01-13 17:28:36
Updated microcode packages fix security vulnerability
2018-05-29 22:41:14
debian
debian
[SECURITY] [DLA 2148-1] amd64-microcode security update
2020-03-20 19:56:36
[SECURITY] [DLA 1362-1] gcc-4.9-backport new package
2018-04-25 16:19:40
[SECURITY] [DLA 1349-1] linux-tools security update
2018-04-16 22:31:08
threatpost
threatpost
New Spectre-Level Flaw Targets Return Stack Buffer
2018-07-23 18:27:20
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
2018-04-04 15:18:47
virtuozzo
virtuozzo
Kernel update: new kernel 3.10.0-693.21.1.vz7.46.7, Virtuozzo 7.0 Update 7 Hotfix 2 (7.0.7-453)
2018-04-28 00:00:00
cloudfoundry
cloudfoundry
USN-3690-2: AMD Microcode regression | Cloud Foundry
2018-07-19 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-07 06:34:12
ubuntu
ubuntu
libvirt update
2018-02-07 00:00:00
intel-microcode update
2018-03-29 00:00:00

EPSS

0.975

Percentile

100.0%

JSON
Related for VMSA-2018-0004.3
nessus75vmware1kaspersky1cve2cvelist2nvd3prion2openvas44redhat24oraclelinux6centos6suse13amazon4ibm1osv1debiancve1mageia2debian4threatpost2virtuozzo1cloudfoundry1slackware1ubuntu2