Home > Blogs > VMware Security & Compliance Blog > Monthly Archives: August 2018

Monthly Archives: August 2018

VMware Security Advisory VMSA-2018-0020 and VMSA-2018-0021 – L1 Terminal Fault (L1TF): CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

Greetings from the VMware Security Response Center!

Today we have published security advisories, knowledge base articles, updates, patches, and tools in response to new Speculative-Execution vulnerabilities in Intel processors known collectively as ‘L1 Terminal Fault’ or ‘L1TF.’

These vulnerabilities are identified by CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615.

There is a lot of documentation on this event, so I wanted to summarize the core points in a short message.

The important stuff:

KB article 55636 should be considered the centralized source of truth for this event. Make sure you click ‘Subscribe to Article’ in the Actions box of this article to be alerted when any publication on L1TF is updated. That article links off to detailed responses for the individual issues.

CVE-2018-3646 is the most severe of the L1TF issues and affects hypervisors using Intel processors. It has 2 known attack vectors which both need to be mitigated. The first attack vector is mitigated through a vSphere update process including vCenter and ESXi. The second attack vector is mitigated by enabling a new advanced configuration option hyperthreadingMitigation included in the updates. This advanced configuration option may have a performance impact so we have not enabled it by default. This will limit your operational risk by giving you time to analyze your environment’s capacity prior to enabling the mitigation.

CVE-2018-3620 is a local privilege escalation which requires base operating system (SLES/Photon) updates for mitigation. Patches are pending for affected appliances, but most have workarounds documented. Make sure you contact your 3rd party operating system vendor(s) for mitigation instructions as well.

CVE-2018-3615 does not affect VMware products.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2018-0019 and Updated Security Advisory VMSA-2015-0007.7

Today, VMware has released the following new and updated security advisories:

VMSA-2018-0019Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
VMSA-2015-0007.7 VMware vCenter and ESXi updates address critical security issues

VMSA-2018-0019 documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6970) in Horizon 6, 7, and Horizon Client for Windows. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

VMSA-2015-0007.7 was issued to add the patches for ESXi 6.0, 6.5 and 6.7 that address CVE-2015-5177. Recently, we found that this issue affects ESXi 6.0, 6.5 and 6.7.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.