logo
DATABASE RESOURCES PRICING ABOUT US

VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

Description

3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5. vCenter Server, ESXi, Workstation, and Fusion updates support Hypervisor-Assisted Guest Mitigations for MDS speculative execution vulnerabilities. These updates expose new CPU control bits via microcode listed in the table below to the Virtual Machine layer. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5. A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities.


Affected Software


CPE Name Name Version
vcenter server1 6.7 U2a
vcenter server1 6.5 U2g
vcenter server1 6.0 U3i
esxi3 ESXi670-201911401-BG
esxi3 ESXi670-201911402-BG2
esxi ESXi650-201905401-BG
esxi ESXi650-201905402-BG2
esxi ESXi600-201905401-BG
esxi ESXi600-201905402-BG2
workstation3 15.5.1
fusion3 11.5.1
esxi ESXi670-201905401-BG
esxi ESXi670-201905402-BG2
esxi ESXi670-201905403-BG
workstation 15.1.0
fusion 11.1.0
vcloud usage meter any
identity manager 3.3.1+
vcenter server 6.7u2c
vcenter server 6.5u3
vmware data protection 6.x
vmware integrated containers 1.x
vrealize automation 8.0.0
vrealize automation 6.x

Related