Categories: Security Update

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal FaultVMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

VMware has released Security patches that affected multiple products includes vSphere, Workstation, Fusion, and Virtual Appliances. Successful exploitation of these vulnerability leads to sensitive information disclosure.

VMware Security patches

VMSA-2018-0021

With the security update, VMware address L1 Terminal Fault OS vulnerability in VMware Virtual Appliances, successful exploitation of the vulnerability leads to unauthorized disclosure of information that resides in L1 data cache to an attacker with local user access.

VMware Security UpdatesVMware Security Updates

The vulnerability can be tracked as CVE-2018-3620, the impact of the vulnerability is moderate and the Patches are Pending. VMware recommends contacting your 3rd party operating system vendor to determine the mitigations.

VMSA-2018-0020

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault. Successful exploitation of the vulnerability allows a VM running in the same CPU core to effectively read another VM’s privileged information that resides in the L1 data cache.

The vulnerability can be tracked as CVE-2018-3646 and it has two attack vectors Sequential-Context and Concurrent-Context. Vmware released patches only the Sequential-context attack vector and the Concurrent-Context can be mitigated by enabling a feature ESXi Side-Channel-Aware Scheduler.

VMSA-2018-0022

The update is to address out-of-bounds write issue with VMware Workstation and Fusion in e1000 device allow a guest user to execute code. The critical Vulnerability can be tracked as CVE-2018-6973.

The code execution vulnerability has been fixed with VMware Workstation Pro/Player version 14.1.3 and with VMware Fusion Pro / Fusion 10.1.3.

Also Read

Adobe Released August Patch Covering 11 Vulnerabilities That Affects Multiple Popular Adobe Products

TLS 1.3 Released – Most Important Security Protocol on the Internet with Extreme Privacy, Security, and Performance

Oracle Released Security Update Addresses a Critical Database Vulnerability That Affects Multiple Versions

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: L1 Terminal FaultSecurity UpdateVMware Security
7 years ago

Recent Posts

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of…

8 hours ago

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S.…

17 hours ago

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious…

18 hours ago

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in…

21 hours ago

Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA

Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging…

22 hours ago

Threat Actors Target Critical National Infrastructure with New Malware and Tools

A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…

23 hours ago