VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

VMware has released security patches for multiple products, including vSphere, Workstation, Fusion, and Virtual Appliances. Successful exploitation of these vulnerabilities leads to sensitive information disclosure.

VMware Security patches

VMSA-2018-0021

With this security update, VMware addresses the L1 Terminal Fault OS vulnerability in VMware Virtual Appliances. Successful exploitation of the vulnerability leads to unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access.

The vulnerability is tracked as CVE-2018-3620. Its impact is rated moderate, and patches are pending. VMware recommends contacting your third-party operating system vendor to determine the mitigations.

VMSA-2018-0020

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault. Successful exploitation of the vulnerability allows a VM running on the same CPU core to effectively read another VM’s privileged information that resides in the L1 data cache.

The vulnerability is tracked as CVE-2018-3646 and has two attack vectors: Sequential-Context and Concurrent-Context. VMware released patches only for the Sequential-Context attack vector; the Concurrent-Context vector can be mitigated by enabling a feature called the ESXi Side-Channel-Aware Scheduler.

VMSA-2018-0022

This update addresses an out-of-bounds write issue in the e1000 device of VMware Workstation and Fusion that allows a guest user to execute code. The critical vulnerability is tracked as CVE-2018-6973.

The code execution vulnerability has been fixed in VMware Workstation Pro/Player version 14.1.3 and in VMware Fusion Pro / Fusion 10.1.3.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
