Today VMware has released the following new and updated security advisories:

VMSA-2018-0016 – VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities.
VMSA-2018-0012.1 – VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store
VMSA-2018-0011.1 – Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud

VMSA-2018-0016 documents out-of-bounds read issues in the shader translator of ESXi, Workstation and Fusion. These issues are rated Important in severity because they may lead to denial of service of the VM or to information disclosure.
VMware would like to thank RanchoIce of Tencent ZhanluLab (CVE-2018-6965, CVE-2018-6966, CVE-2018-6967) and a member of Cisco Talos (CVE-2018-6965) for independently reporting these issues to us.

VMSA-2018-0012.1 notes:

  • Hypervisor-Assisted Guest Mitigations for the Speculative-Store-Bypass issue (CVE-2018-3639) are now available, since Intel has provided the required microcode. The ESXi Knowledge Base articles found in the advisory list which microcode updates are available from the ESXi patches.
  • The vCenter Server updates and ESXi patches in combination with the Intel microcode will make the Speculative-Store-Bypass-Disable (SSBD) control bit available to guest operating systems.
  • OS vendor patches that take advantage of SSBD will need to be deployed as well. OS vendors typically do not enable SSBD by default; consult your OS vendor's patch documentation for how to enable it.
  • The full steps needed to apply the Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 are explained in VMware Knowledge Base article 55111 while VMware Knowledge Base article 54951 provides more background.
  • The initial release of VMSA-2018-0012 was discussed in an earlier blog post.
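
The layering described above (hypervisor and microcode expose SSBD, the guest OS must then use it) can be checked from inside a Linux guest. The script below is an added example, not VMware's code: it assumes a Linux guest and relies on the kernel's `ssbd` CPU flag and its `spec_store_bypass` sysfs file, and the state names it prints are hypothetical labels chosen here.

```shell
#!/bin/sh
# Added example: classify a Linux guest's CVE-2018-3639 state.
# Usage: ./ssb_check.sh [CPUINFO_FILE] [STATUS_FILE]

# Exit 0 if the exact word "ssbd" appears on a CPU flags line, i.e. the
# SSBD control bit is visible to this guest. grep -w keeps related flags
# such as "virt_ssbd" from matching.
has_ssbd_flag() {
    grep -E '^flags[[:space:]]*:' "$1" 2>/dev/null | grep -qw 'ssbd'
}

# Print one state label (names are this example's own):
#   kernel-unpatched           kernel has no SSB reporting, needs OS patches
#   not-affected               kernel reports the CPU as not affected
#   ssbd-not-exposed           guest cannot see SSBD: check ESXi patch,
#                              microcode and vCenter update (see KB 55111)
#   ssbd-available-not-enabled SSBD visible, kernel reports "Vulnerable"
#   ssbd-opt-in                SSBD applied only to processes that request it
#   ssbd-enabled               SSBD applied system-wide
classify_ssb() {
    cpuinfo=$1
    status_file=$2
    if [ ! -r "$status_file" ]; then
        echo "kernel-unpatched"
        return
    fi
    status=$(cat "$status_file")
    case "$status" in
        "Not affected"*) echo "not-affected"; return ;;
    esac
    if ! has_ssbd_flag "$cpuinfo"; then
        echo "ssbd-not-exposed"
        return
    fi
    case "$status" in
        Mitigation:*prctl*) echo "ssbd-opt-in" ;;
        Mitigation:*)       echo "ssbd-enabled" ;;
        *)                  echo "ssbd-available-not-enabled" ;;
    esac
}

# Default to the running guest's own files when no arguments are given.
classify_ssb "${1:-/proc/cpuinfo}" \
    "${2:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}"
```

A result of `ssbd-not-exposed` points at the hypervisor side of the chain, while `ssbd-available-not-enabled` or `ssbd-opt-in` reflects the guest OS default mentioned above.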

VMSA-2018-0011.1 was issued to correct the affected version.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.