Implementing Hypervisor-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) in VMware Workstation and Fusion


Article ID: 337806


Products

VMware Desktop Hypervisor
VMware vSphere ESXi

Issue/Introduction

This article documents the Hypervisor-Specific Mitigations enablement process required to address Microarchitectural Data Sampling (MDS) Vulnerabilities identified by CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 in Workstation and Fusion.  

In addition to the Hypervisor-Specific Mitigations described in this article, Hypervisor-Assisted Guest Mitigations and Operating System-Specific Mitigations are also required. These additional mitigations are documented in VMSA-2019-0008.
  
The Update History section of this article will be revised if there is a significant change. Click Subscribe to Article in the Actions box to be alerted when new information is added to this document and sign up at our Security-Announce mailing list to receive new and updated VMware Security Advisories.

Environment

VMware vSphere ESXi 6.7

Resolution

Mitigation of the Sequential-attack-vector
Mitigation of the Sequential-attack-vector is done by deploying VMware Workstation Pro and Player 15.1.0 or greater, and VMware Fusion or Fusion Pro 11.1.0 or greater, as listed in VMSA-2019-0008. This mitigation is enabled by default and poses a minimal performance impact (refer to KB55767 for performance data).  
 
Mitigation of the Concurrent-attack-vector 
Mitigation of the Concurrent-attack-vector requires disabling Hyper-Threading Technology (HT) CPU features. 
 
Disabling Hyper-Threading may have a measurable performance impact on your application. For this reason, before disabling HT, it is important to review your host capacity to confirm whether or not your host will have sufficient resources (i.e. host CPU cores) to run the desired VMs after disabling HT.  
 
Disabling Hyper-Threading on systems running VMware Workstation
Disabling Hyper-Threading on a Windows or Linux host running VMware Workstation requires configuration changes at the system BIOS/EFI level. Refer to your motherboard / system hardware manufacturer’s guidance on how to disable this option from your BIOS/EFI firmware utility. 
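After changing the BIOS/EFI setting, a Linux Workstation host can confirm that Hyper-Threading is really off from the kernel's own sysfs reports. The script below is an added example, not part of this KB or any VMware tool; it assumes a Linux kernel that exposes /sys/devices/system/cpu/smt/control (with a thread_siblings_list fallback for older kernels) and /sys/devices/system/cpu/vulnerabilities/mds.

```shell
#!/bin/sh
# Added example, not part of the VMware KB: verify on a Linux host running
# VMware Workstation that Hyper-Threading is really off (the Concurrent-
# attack-vector mitigation) from the kernel's sysfs SMT and MDS reports.
# Assumes a Linux kernel exposing /sys/devices/system/cpu/smt/control and
# /sys/devices/system/cpu/vulnerabilities/mds (an assumption, not KB text).

# Interpret smt/control: 0 when no sibling threads can run, else 1.
smt_is_off() {
    case "$1" in
        off|forceoff|notsupported) return 0 ;;
        *) return 1 ;;
    esac
}

# Fallback for kernels without smt/control: pass each CPU's
# topology/thread_siblings_list value; "0,4" or "0-1" means two threads
# share a core, a lone id such as "3" means one thread per core.
siblings_show_ht() {
    for s in "$@"; do
        case "$s" in *,*|*-*) return 0 ;; esac
    done
    return 1
}

# Classify the kernel's MDS status line against this KB's guidance: only
# "SMT disabled" counts as the Concurrent attack vector being closed.
mds_status_class() {
    case "$1" in
        "Not affected"*)            echo not-affected ;;
        Mitigation*"SMT disabled"*) echo mitigated ;;
        Mitigation*)                echo ht-still-on ;;
        Vulnerable*)                echo vulnerable ;;
        *)                          echo unknown ;;
    esac
}

# Report on the live host; run as: sh mds_ht_check.sh --run
check_host() {
    ctrl=/sys/devices/system/cpu/smt/control
    if [ -r "$ctrl" ]; then
        smt_is_off "$(cat "$ctrl")" && ht=off || ht=on
    else
        siblings_show_ht $(cat /sys/devices/system/cpu/cpu*/topology/thread_siblings_list 2>/dev/null) && ht=on || ht=off
    fi
    mds=$(cat /sys/devices/system/cpu/vulnerabilities/mds 2>/dev/null || echo unknown)
    echo "hyper-threading=$ht mds=$(mds_status_class "$mds") ($mds)"
}
case "${1:-}" in --run) check_host ;; esac
```

A result of hyper-threading=on together with ht-still-on means the firmware change did not take effect and the Concurrent attack vector remains open.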
 
Disabling Hyper-Threading on Macs running VMware Fusion 
For macOS Hosts running VMware Fusion, VMware has developed and provided a utility to disable Hyper-Threading. This utility, which includes usage instructions, has been attached to this Knowledge Base article. This utility is for macOS only and does not run on Windows or Linux systems. 
 
MD5 checksum of the downloadable archive: 2d65192600b90ebbf5e01b8e0bf5832d 

SHA1 checksum of the downloadable archive: f7e69d70de079e98c670303678f6ac0c9f1227ae  
 
Note: If you choose not to disable HT, the Concurrent attack vector will not be mitigated.  

Some systems do not allow HT to be disabled. If HT cannot be disabled in the BIOS or in the host OS of the processor platform, then the Concurrent attack vector cannot be mitigated and a malicious VM may be able to infer secrets of another VM or of the host OS using https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646. This case cannot be mitigated by a hypervisor running in a hosted OS environment, regardless of patch level. The only solution in this case that ensures complete mitigation is to run sensitive VMs on other processor platforms where HT is disabled. Customers that choose to continue running VMs on processor platforms where HT cannot be disabled should be aware that MDS is not completely mitigated.
 
Users should therefore analyze their performance and security requirements, and the trust level of the virtual machines running on their hosts, to determine the appropriate mitigation response to MDS.