VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)

2019-11-1200:00:00

www.vmware.com

201

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

22.4%

JSON

3a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207)

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

3b. Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) Speculative-Execution vulnerability (CVE-2019-11135)

VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

CPENameOperatorVersion
esxiltESXi670-201911401-BG
esxiltESXi670-201911402-BG
esxiltESXi650-201911401-BG
esxiltESXi650-201911402-BG
esxiltESXi600-201911401-BG
esxiltESXi600-201911402-BG
workstationlt15.5.1
fusionlt11.5.1

Name	Operator	Version
esxi	lt	ESXi670-201911401-BG
esxi	lt	ESXi670-201911402-BG
esxi	lt	ESXi650-201911401-BG
esxi	lt	ESXi650-201911402-BG
esxi	lt	ESXi600-201911401-BG
esxi	lt	ESXi600-201911402-BG
workstation	lt	15.5.1
fusion	lt	11.5.1