Loading Posts...

Speculative Execution Security Issues with VMware – Spectre and Meltdown

It was announced that the CPU data cache timing can be abused by the software layer and can lead to an information security vulnerability. This is a direct impact to a shared resource utilization and below variants have been identified by Google Project Zero and other associated researchers.

These are the variants :

  • bounds check bypass – a.k.a. Spectre
  • branch target injection – a.k.a. Spectre
  • rogue data cache load – a.k.a. Meltdown

VMware hypervisor affected only with first two variants (only with Spectre) and at the time of writing this post we do not need to worry about the  third variant.

There are three type of mitigation categories in relation to VMware hypervisors

  • Hypervisor-Specific Mitigation – Mitigate the information leakage from hypervisor or guest Virtual Machine to a malicious guest Virtual Machine which is running in the same host.
    • Affected Products: 
      • VMware vSphere ESXi (5.5,6.0 and 6.5)
      • VMware Workstation (12.X and 14.x)
      • VMware Fusion (8.x and 10.X)
    • VMware Security Advisory ID: VMSA-2018-0002
    • Patches for ESXi: 
      • 6.5 – ESXi650-201712101-SG
      • 6.0 – ESXi600-201711101-SG
      • 5.5 – ESXi550-201709101-SG (Only address to the branch target injection)
    • Patches for Workstation: 
      • 14.x – Not affected
      • 12.x – 12.5.8
    • Patches for Fusion: 
      • 10.x – Not affected
      • 8.x – 8.5.9
  • Hypervisor-Assisted Guest Mitigation – It virtualize a speculative-execution control mechanism to a guest VM. So mitigation requires a specific microcode patch from OS or the processor firmware/BIOS vendor
    • Affected Products : 
      • VMware vCenter Server (VC) – (5.5, 6.0, 6.5)
      • VMware vSphere ESXi (5.5,6.0 and 6.5)
      • VMware Workstation (12.X and 14.x)
      • VMware Fusion (8.x and 10.X)
    • VMware Security Advisory ID: VMSA-2018-0004
    • Patches for vCenter:
      • VC6.5 – 6.5 U1e
      • VC6.0 – 6.0 U3d
      • VC5.5 – 5.5 U3g
    • Patches for the ESXi: “All the ESXi patches associated with VMSA-2018-0004 have been pulled back from the online and offline portal”. These patches issued(ESXi650-201801402-BG, ESXi600-201801402-BG, and ESXi550-201801401-BG)along with the Microcodes and issues appeared after patching the OS, so ”
      For ESXi hosts that have not yet applied one of the following patches ESXi650-201801402-BG, ESXi600-201801402-BG, or ESXi550-201801401-BG, VMware recommends not doing so at this time. It is recommended to apply the patches listed in VMSA-2018-0002 instead”.
    • Patches for Workstation:
      • 14.x – 14.1.1
      • 12.x – 12.5.9
    • Patches for Fusion:
      • 10.x – 10.1.1 (OS X)
      • 8.x – 8.5.10 (OS X)
  • Operating System-Specific Mitigations – This mitigation should be done with the OS vendors.

References: 

Speculative Execution Security Issues with VMware – Spectre and Meltdown
5 (100%) 1 vote

Aruna Lakmal

Senior Virtualization Engineer at Pearson, Sri Lanka. Technology junky, enthusiast, a VMware vExpert and a blogger with more than 6 years of Experience in Information Technology more focusing on VMware Virtualization, Microsoft and Datacenter Technologies.

Get Updates Directly To Your Inbox!

   

Leave a Reply

Loading Posts...