VMware has released Security patches that affected multiple products includes vSphere, Workstation, Fusion, and Virtual Appliances. Successful exploitation of these vulnerability leads to sensitive information disclosure.

VMware Security patches

VMSA-2018-0021

With the security update, VMware address L1 Terminal Fault OS vulnerability in VMware Virtual Appliances, successful exploitation of the vulnerability leads to unauthorized disclosure of information that resides in L1 data cache to an attacker with local user access.

VMware Security Updates

The vulnerability can be tracked as CVE-2018-3620, the impact of the vulnerability is moderate and the Patches are Pending. VMware recommends contacting your 3rd party operating system vendor to determine the mitigations.

EHA

VMSA-2018-0020

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault. Successful exploitation of the vulnerability allows a VM running in the same CPU core to effectively read another VM’s privileged information that resides in the L1 data cache.

VMware Security Updates

The vulnerability can be tracked as CVE-2018-3646 and it has two attack vectors Sequential-Context and Concurrent-Context. Vmware released patches only the Sequential-context attack vector and the Concurrent-Context can be mitigated by enabling a feature ESXi Side-Channel-Aware Scheduler.

VMSA-2018-0022

The update is to address out-of-bounds write issue with VMware Workstation and Fusion in e1000 device allow a guest user to execute code. The critical Vulnerability can be tracked as CVE-2018-6973.

VMware Security Updates

The code execution vulnerability has been fixed with VMware Workstation Pro/Player version 14.1.3 and with VMware Fusion Pro / Fusion 10.1.3.

Also Read

Adobe Released August Patch Covering 11 Vulnerabilities That Affects Multiple Popular Adobe Products

TLS 1.3 Released – Most Important Security Protocol on the Internet with Extreme Privacy, Security, and Performance

Oracle Released Security Update Addresses a Critical Database Vulnerability That Affects Multiple Versions

LEAVE A REPLY

Please enter your comment!
Please enter your name here