VMware response to Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling (CVE-2020-0549) speculation execution vulnerabilities in Intel processors
search cancel

VMware response to Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling (CVE-2020-0549) speculation execution vulnerabilities in Intel processors

book

Article ID: 336878

calendar_today

Updated On: 04-10-2025

Products

VMware Desktop Hypervisor VMware vCenter Server

Issue/Introduction

On January 27th, 2020 two vulnerabilities were disclosed by Intel in INTEL-SA-00329.

Vector Register Sampling (CVE-2020-0548) - CVSSv3 = 2.8
L1D Eviction Sampling (CVE-2020-0549) - CVSSv3 = 6.5

VMware has concluded investigations on the impact these vulnerabilities may have on our products.

Resolution

Vector Register Sampling (CVE-2020-0548) will require microcode updates for affected Intel processors. At the time of this publication Intel is planning on releasing microcode updates which resolve this vulnerability VMware recommends applying bios/firmware updates to resolve CVE-2020-0548 when they are made available by hardware vendors.

L1D Eviction Sampling (CVE-2020-0549) mitigation was previously addressed by the Hypervisor-Specific Mitigations for Microarchitectural Data Sampling (MDS) documented in VMSA-2019-0008 and by Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) documented in VMSA-2019-0020.

The Update History section of this article will be revised if there is a significant change. Click Subscribe to be alerted when new information is added to this document and sign up at our  VMware Security Advisories to receive new and updated VMware Security Advisories.

Powered by Wolken Software