4.7 - VMSA-2018-0020

vCenter Server, ESXi, Workstation, and Fusion updates include

Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This

issue may allow a malicious VM running on a given CPU core to

effectively read the hypervisor’s or another VM’s privileged

information that resides sequentially or concurrently in the same

core’s L1 Data cache.

CVE-2018-3646 has two currently known attack vectors which will be

referred to as "Sequential-Context" and "Concurrent-Context."

Attack Vector Summary

Sequential-context attack vector: a malicious VM can potentially

infer recently accessed L1 data of a previous context (hypervisor

thread or other VM thread) on either logical processor of a processor

core.

Concurrent-context attack vector: a malicious VM can potentially

infer recently accessed L1 data of a concurrently executing context

(hypervisor thread or other VM thread) on the other logical processor

of the Hyper-Threading-enabled processor core.

Mitigation Summary

The Sequential-context attack vector is mitigated by a vSphere

update to the product versions listed in table below. This mitigation

is dependent on Intel microcode updates (provided in separate ESXi

patches for most Intel hardware platforms) also listed in the table

below. This mitigation is enabled by default and does not impose a

significant performance impact.

The Concurrent-context attack vector is mitigated through

enablement of a new feature known as the ESXi Side-Channel-Aware

Scheduler. This feature may impose a non-trivial performance impact

and is not enabled by default.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.