Lucene search

K
vmwareVMwareVMSA-2018-0007
HistoryFeb 08, 2018 - 12:00 a.m.

VMware Virtual Appliance updates address side-channel analysis due to speculative execution

2018-02-0800:00:00
www.vmware.com
520

EPSS

0.976

Percentile

100.0%

a. VMware Virtual Appliance Mitigations for Bounds-Check bypass (Spectre-1), and Rogue data cache load issues (Meltdown)

CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5754 (Rogue data cache load) to these issues.

Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.