The purpose of this article is to provide an overview of the security issues related to speculative execution in Intel processors described by CVE-2018-3646 (L1 Terminal Fault - VMM), CVE-2018-3620 (L1 Terminal Fault - OS), and CVE-2018-3615 (L1 Terminal Fault - SGX) as they apply to VMware products. Because there will be multiple documents necessary to respond to these issues, consider this document as the centralized source of truth for these issues.
The Update History section of this article will be revised when there is a significant change to any of the related documentation. Click Subscribe to Article in the Actions box to be alerted when new information is added to this document and sign up at our Security-Announce mailing list to receive new and updated VMware Security Advisories.
Background
To assist in understanding Speculative Execution vulnerabilities, VMware previously defined the following categories in KB317615 and KB318668. Here is a brief summary of these four categories:
Mitigation Category Summary for current Speculative Execution Issues:
CVE-2018-3646 (L1 Terminal Fault - VMM)
VMware Skyline Health Diagnostics for vSphere - FAQ (345059)
Hypervisor-Specific Mitigations
VMware has provided Hypervisor-Specific Mitigations for CVE-2018-3646. AMD processors are not affected. Refer to the following KB articles for product-specific mitigation procedures and/or vulnerability analysis:
CVE-2018-3620 (L1 Terminal Fault - OS)
Operating System-Specific Mitigations
VMware has investigated the impact CVE-2018-3620 may have on virtual appliances. Details on this investigation, including a list of unaffected virtual appliances, can be found in KB317618.
Products that ship as an installable Windows or Linux binary are not directly affected, but patches may be required from the vendor of the operating system on which these products are installed. VMware recommends contacting your third-party operating system vendor to determine appropriate actions for mitigation of CVE-2018-3620. This issue may be applicable to customer-controlled environments running in a VMware SaaS offering; review KB302543.