Executive Summary

Summary
TitleVMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store
Informations
NameVMSA-2018-0012First vendor Publication2018-05-21
VendorVMwareLast vendor Modification2018-06-28
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score4.9Attack RangeLocal
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (GOS) can remediate the Speculative Store bypass issue (CVE-2018-3639) using the Speculative-Store- Bypass-Disable (SSBD) control bit. This issue may allow for information disclosure in applications and/or execution runtimes which rely on managed code security mechanisms. Based on current evaluations, we do not believe that CVE-2018-3639 could allow for VM to VM or Hypervisor to VM Information disclosure.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3639 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2018-0012.html

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware3
Hardware16
Hardware6
Hardware30
Hardware3
Hardware1
Hardware2
Hardware2
Hardware2
Hardware2
Hardware3
Hardware1
Hardware2
Hardware127
Hardware182
Hardware62
Hardware33
Hardware15
Hardware8

Nessus® Vulnerability Scanner

DateDescription
2018-10-31Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_14_1.nasl - Type : ACT_GATHER_INFO
2018-10-31Name : The remote host is missing a macOS or Mac OS X security update that fixes mul...
File : macosx_SecUpd2018-005.nasl - Type : ACT_GATHER_INFO
2018-10-31Name : The remote host is missing a macOS security update that fixes multiple vulner...
File : macosx_SecUpd_10_13_6_2018-002.nasl - Type : ACT_GATHER_INFO
2018-10-18Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_14.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1265.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1267.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1270.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1271.nasl - Type : ACT_GATHER_INFO
2018-09-17Name : The remote Debian host is missing a security update.
File : debian_DLA-1506.nasl - Type : ACT_GATHER_INFO
2018-08-17Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4273.nasl - Type : ACT_GATHER_INFO
2018-07-30Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-208-01.nasl - Type : ACT_GATHER_INFO
2018-07-27Name : The remote Debian host is missing a security update.
File : debian_DLA-1446.nasl - Type : ACT_GATHER_INFO
2018-07-26Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1049.nasl - Type : ACT_GATHER_INFO
2018-07-24Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0151.nasl - Type : ACT_GATHER_INFO
2018-07-24Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0049.nasl - Type : ACT_GATHER_INFO
2018-07-20Name : The remote Debian host is missing a security update.
File : debian_DLA-1423.nasl - Type : ACT_GATHER_INFO
2018-07-18Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-048.nasl - Type : ACT_GATHER_INFO
2018-07-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-2162.nasl - Type : ACT_GATHER_INFO
2018-07-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-2164.nasl - Type : ACT_GATHER_INFO
2018-07-09Name : The remote Fedora host is missing a security update.
File : fedora_2018-9f02e5ed7b.nasl - Type : ACT_GATHER_INFO
2018-07-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1965.nasl - Type : ACT_GATHER_INFO
2018-07-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1997.nasl - Type : ACT_GATHER_INFO
2018-07-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-2001.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1192.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1193.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1194.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1195.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1196.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1197.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1200.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1201.nasl - Type : ACT_GATHER_INFO
2018-06-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1854.nasl - Type : ACT_GATHER_INFO
2018-06-20Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1153.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1037.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1038.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1039.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1034.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1037.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1038.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1039.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1033.nasl - Type : ACT_GATHER_INFO
2018-06-12Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1034.nasl - Type : ACT_GATHER_INFO
2018-06-08Name : The remote Fedora host is missing a security update.
File : fedora_2018-aec846c0ef.nasl - Type : ACT_GATHER_INFO
2018-05-31Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-037.nasl - Type : ACT_GATHER_INFO
2018-05-31Name : A server virtualization platform installed on the remote host is affected by ...
File : citrix_xenserver_CTX235225.nasl - Type : ACT_GATHER_INFO
2018-05-30Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1669.nasl - Type : ACT_GATHER_INFO
2018-05-30Name : The remote Fedora host is missing a security update.
File : fedora_2018-6367a17aa3.nasl - Type : ACT_GATHER_INFO
2018-05-29Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-034.nasl - Type : ACT_GATHER_INFO
2018-05-29Name : The remote Fedora host is missing a security update.
File : fedora_2018-93c2e74446.nasl - Type : ACT_GATHER_INFO
2018-05-25Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2018-033.nasl - Type : ACT_GATHER_INFO
2018-05-25Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4210.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05818.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05820.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05821.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05822.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05823.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05824.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote AIX host is missing a security patch.
File : aix_IJ05826.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1629.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1632.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1633.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1647.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1648.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1649.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1650.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1651.nasl - Type : ACT_GATHER_INFO
2018-05-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1660.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2018-06-30 00:20:34
  • Multiple Updates
2018-06-29 09:18:46
  • Multiple Updates
2018-05-22 00:19:09
  • First insertion