According to the VMSA-2018-0002 release, the patch for ESXi 5.5 "has remediation against CVE-2017-5715 but not against CVE-2017-5753", with no further information offered.
So, that raises two questions:
1. Is ESXi 5.5 vulnerable to CVE-2017-5753 (seems likely)?
2. Is an additional patch forthcoming?
Patch is available now.
Advisory ID: VMSA-2018-0002.1
Severity: Important
Synopsis: VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
Issue date: 2018-01-03
Updated on: 2018-01-09
CVE number: CVE-2017-5753, CVE-2017-5715
VMware published the advisory with two of the three CVEs (CVE-2017-5715 & CVE-2017-5753; no information for CVE-2017-5754).
Refer to the VMware advisory link - VMSA-2018-0002 which addresses
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
CVE-2017-5754 - No information published by VMware
relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. Researchers have called this exploit "Meltdown". Subsequent memory accesses may cause an allocation into the L1 data cache even when they reference otherwise inaccessible memory locations. As a result, an unprivileged local attacker could read privileged (kernel space) memory (including arbitrary physical memory locations on a host) by conducting targeted cache side-channel attacks.
They have not provided any information on legacy VMware versions prior to 5.1; pretty sure they are also affected. Let's wait for their next release.
Best to follow this thread - Intel CPU bug - VMware fix on the way?
Anyone have new updates on this?
I have read the VMware article VMSA-2018-0002; however, I am still in need of clarification on whether 5.5 will get a patch for CVE-2017-5753. Right now the article is saying only 6 and 6.5 will be patched for CVE-2017-5753.
Also looking for information related to CVE-2017-5754
Thanks!
Dan
Read: VMSA-2018-0004 for further availability of the fixes on 5.5.
As far as CVE-2017-5754 is concerned, as per the blog at VMSA-2018-0002 - VMware Security & Compliance Blog - VMware Blogs, it does not affect ESXi, Workstation, and Fusion because ESXi does not run un-trusted user mode code, and Workstation and Fusion rely on the protection that the underlying operating system provides.
Hi kmzimm
You may want to see: VMware Knowledge Base - Hypervisor-Assisted Guest Mitigation for branch target injection (52085)
- Benedikt