On January 27th, 2020 two vulnerabilities were disclosed by Intel in INTEL-SA-00329.

Vector Register Sampling (CVE-2020-0548) - CVSSv3 = 2.8
L1D Eviction Sampling (CVE-2020-0549) - CVSSv3 = 6.5

VMware has concluded investigations on the impact these vulnerabilities may have on our products.

Vector Register Sampling (CVE-2020-0548) will require microcode updates for affected Intel processors. At the time of this publication Intel is planning on releasing microcode updates which resolve this vulnerability VMware recommends applying bios/firmware updates to resolve CVE-2020-0548 when they are made available by hardware vendors.

L1D Eviction Sampling (CVE-2020-0549) mitigation was previously addressed by the Hypervisor-Specific Mitigations for Microarchitectural Data Sampling (MDS) documented in VMSA-2019-0008 and by Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) documented in VMSA-2019-0020.

The Update History section of this article will be revised if there is a significant change. Click Subscribe to be alerted when new information is added to this document and sign up at our Security-Announce mailing list to receive new and updated VMware Security Advisories.