VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

2019-05-1400:00:00

www.vmware.com

146

0.001 Low

EPSS

Percentile

40.5%

JSON

3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091

vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

vCenter Server, ESXi, Workstation, and Fusion updates support Hypervisor-Assisted Guest Mitigations for MDS speculative execution vulnerabilities. These updates expose new CPU control bits via microcode listed in the table below to the Virtual Machine layer. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities.

CPENameOperatorVersion
vcenter server1lt6.7 U2a
vcenter server1lt6.5 U2g
vcenter server1lt6.0 U3i
esxi3ltESXi670-201911401-BG
esxi3ltESXi670-201911402-BG2
esxiltESXi650-201905401-BG
esxiltESXi650-201905402-BG2
esxiltESXi600-201905401-BG
esxiltESXi600-201905402-BG2
workstation3lt15.5.1

Name	Operator	Version
vcenter server1	lt	6.7 U2a
vcenter server1	lt	6.5 U2g
vcenter server1	lt	6.0 U3i
esxi3	lt	ESXi670-201911401-BG
esxi3	lt	ESXi670-201911402-BG2
esxi	lt	ESXi650-201905401-BG
esxi	lt	ESXi650-201905402-BG2
esxi	lt	ESXi600-201905401-BG
esxi	lt	ESXi600-201905402-BG2
workstation3	lt	15.5.1