Executive Summary
Summary | |
---|---|
Title | VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability. |
Informations | |||
---|---|---|---|
Name | VMSA-2018-0020 | First vendor Publication | 2018-08-14 |
Vendor | VMware | Last vendor Modification | 2018-08-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.7 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache. CVE-2018-3646 has two currently known attack vectors which will be referred to as "Sequential-Context" and "Concurrent-Context." Attack Vector Summary Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core. Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core. Mitigation Summary The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in table below. This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact. The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2018-0020.html |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Intel x86 L1 data cache side-channel analysis information leak attempt RuleID : 47598 - Revision : 1 - Type : OS-OTHER |
2020-12-05 | Intel x86 L1 data cache side-channel analysis information leak attempt RuleID : 47597 - Revision : 1 - Type : OS-OTHER |
2020-12-05 | Intel x86 L1 data cache side-channel analysis information leak attempt RuleID : 47596 - Revision : 1 - Type : OS-OTHER |
2020-12-05 | Intel x86 L1 data cache side-channel analysis information leak attempt RuleID : 47595 - Revision : 1 - Type : OS-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2018-f8cba144ae.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-683dfde81a.nasl - Type : ACT_GATHER_INFO |
2018-10-31 | Name : The remote host is missing a macOS security update that fixes multiple vulner... File : macosx_SecUpd_10_13_6_2018-002.nasl - Type : ACT_GATHER_INFO |
2018-10-31 | Name : The remote host is missing a macOS or Mac OS X security update that fixes mul... File : macosx_SecUpd2018-005.nasl - Type : ACT_GATHER_INFO |
2018-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201810-06.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1350.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1345.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1323.nasl - Type : ACT_GATHER_INFO |
2018-10-18 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_14.nasl - Type : ACT_GATHER_INFO |
2018-09-17 | Name : The remote Debian host is missing a security update. File : debian_DLA-1506.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1278.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote Fedora host is missing a security update. File : fedora_2018-915602df63.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1279.nasl - Type : ACT_GATHER_INFO |
2018-08-31 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-063.nasl - Type : ACT_GATHER_INFO |
2018-08-29 | Name : The remote Debian host is missing a security update. File : debian_DLA-1481.nasl - Type : ACT_GATHER_INFO |
2018-08-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2310b814a65211e8805ba4badb2f4699.nasl - Type : ACT_GATHER_INFO |
2018-08-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4279.nasl - Type : ACT_GATHER_INFO |
2018-08-20 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-055.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4274.nasl - Type : ACT_GATHER_INFO |
2018-08-16 | Name : A server virtualization platform installed on the remote host is affected by ... File : citrix_xenserver_CTX236548.nasl - Type : ACT_GATHER_INFO |
2018-08-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2018-1c80fea1cd.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1058.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : A virtualization application installed on the remote macOS or Mac OS X host i... File : macosx_fusion_vmsa_2018_0020.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-2390.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-2384.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-08-17 00:20:52 |
|
2018-08-16 21:21:19 |
|
2018-08-14 21:19:26 |
|