VMware Overview of ‘L1 Terminal Fault’ (L1TF) Speculative-Execution vulnerabilities in Intel processors: CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615
Products
VMware vCenter Server
Issue/Introduction
The purpose of this article is to provide an overview of the security issues related to speculative execution in Intel processors described by CVE-2018-3646 (L1 Terminal Fault - VMM), CVE-2018-3620 (L1 Terminal Fault - OS), and CVE-2018-3615 (L1 Terminal Fault - SGX) as they apply to VMware products. Because there will be multiple documents necessary to respond to these issues, consider this document as the centralized source of truth for these issues.
The Update History section of this article will be revised when there is a significant change to any of the related documentation. Subscribe to this article to be alerted when new information is added, and sign up for the VMware Security-Announce mailing list to receive new and updated VMware Security Advisories.
Background
To assist in understanding Speculative Execution vulnerabilities, VMware previously defined the following categories in KB317615 and KB318668. Here is a brief summary of these four categories:
- Hypervisor-Specific Mitigations prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.
- Hypervisor-Assisted Guest Mitigations virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.
- Operating System-Specific Mitigations are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware virtual appliances, by VMware.
- Microcode Mitigations are applied to a system’s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective.
Mitigation Category Summary for current Speculative Execution Issues:
- CVE-2018-3646 (L1 Terminal Fault - VMM)
Mitigation of CVE-2018-3646 requires Hypervisor-Specific Mitigations for hosts running on Intel hardware.
- CVE-2018-3620 (L1 Terminal Fault - OS)
Mitigation of CVE-2018-3620 requires Operating System-Specific Mitigations.
- CVE-2018-3615 (L1 Terminal Fault - SGX)
CVE-2018-3615 does not affect VMware products and/or services. See KB54913 for more information.
Resolution
CVE-2018-3646 (L1 Terminal Fault - VMM)
Hypervisor-Specific Mitigations
VMware has provided Hypervisor-Specific Mitigations for CVE-2018-3646. AMD processors are not affected. Refer to the following KB articles for product-specific mitigation procedures and/or vulnerability analysis:
CVE-2018-3620 (L1 Terminal Fault - OS)
Operating System-Specific Mitigations
VMware has investigated the impact CVE-2018-3620 may have on virtual appliances. Details on this investigation including a list of unaffected virtual appliances can be found in KB317618.
Products that ship as an installable Windows or Linux binary are not directly affected, but patches may be required from the vendor of the operating system on which these products are installed. VMware recommends contacting your 3rd-party operating system vendor to determine the appropriate actions for mitigation of CVE-2018-3620. This issue may also apply to customer-controlled environments running in a VMware SaaS offering; review KB302543.
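As an added example (not VMware's own tooling, and not part of the original article), the following script shows how to confirm from inside a Linux guest whether the Operating System-Specific Mitigation for CVE-2018-3620 is actually active. Linux kernels that carry the L1TF fixes report their status in the standard sysfs file /sys/devices/system/cpu/vulnerabilities/l1tf; the function below classifies that one line and treats a missing file as "unknown" rather than "safe", because a kernel too old to expose the file is also too old to contain the fix. The sample status lines are constructed for the demonstration and the directory argument is only there so the check can be exercised against test files; the KB numbers and product names above are unchanged.

```shell
#!/bin/sh
# Added example, not VMware code: classify a Linux guest's L1TF status
# (CVE-2018-3620, the OS-level "PTE Inversion" mitigation) from sysfs.
set -eu

# l1tf_status [DIR]
#   Reads DIR/l1tf (default: the kernel's vulnerabilities directory) and
#   prints exactly one of:
#     not-affected               CPU is not vulnerable (e.g. AMD)
#     mitigated                  PTE Inversion (and, on a host, L1D flush) active
#     mitigated-smt-vulnerable   OS part mitigated, but the kernel warns that
#                                SMT leaves its own VMX guests exposed
#     vulnerable                 kernel knows about L1TF but is not mitigating
#     unknown                    file absent: kernel predates the fix, cannot tell
l1tf_status() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    f="$dir/l1tf"
    if [ ! -r "$f" ]; then
        echo unknown
        return 0
    fi
    line=$(cat "$f")
    case "$line" in
        "Not affected")                   echo not-affected ;;
        Mitigation:*"SMT vulnerable"*)    echo mitigated-smt-vulnerable ;;
        Mitigation:*)                     echo mitigated ;;
        Vulnerable*)                      echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# Demonstration on constructed sample files (not captured from a real system).
# Each call writes one plausible kernel status line into a scratch directory
# and classifies it; the last call deletes the file to show the "unknown" path.
demo() {
    d=$(mktemp -d)
    for sample in \
        "Not affected" \
        "Mitigation: PTE Inversion" \
        "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" \
        "Vulnerable"
    do
        printf '%s\n' "$sample" > "$d/l1tf"
        printf '%-75s -> %s\n' "$sample" "$(l1tf_status "$d")"
    done
    rm -f "$d/l1tf"
    printf '%-75s -> %s\n' "(file missing)" "$(l1tf_status "$d")"
    rmdir "$d"
}

# Run the demonstration when executed directly; when sourced, only the
# function definitions are loaded.
case "${0##*/}" in
    sh|bash|dash|ksh) ;;
    *) demo ;;
esac
```

Two caveats a practitioner should keep in mind when reading the result. First, a guest can only see its own kernel's status: nothing inside the VM reveals whether the ESXi host underneath has applied the Hypervisor-Specific Mitigation for CVE-2018-3646, so that must be verified on the host. Second, the "SMT vulnerable" qualifier in the VMX portion of the line refers to the kernel acting as a hypervisor for its own nested guests; in an ordinary VM without nested virtualization the OS-level "Mitigation: PTE Inversion" is what matters for CVE-2018-3620.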