VMware: Important Notice: Intel L1 Terminal Fault Vulnerabilities

VMware: Important Notice: Intel L1 Terminal Fault Vulnerabilities

14 avgust 2018

Important Notice: Intel L1 Terminal Fault Vulnerabilities

Dear Ingram Micro Partner:

On Tuesday, August 14th, Intel disclosed details on a new class of CPU speculative-execution vulnerabilities, known collectively as "L1 Terminal Fault." This new class of vulnerabilities can occur on current and past Intel processors (from at least 2009 - 2018) when affected Intel microprocessors are speculating beyond an unpermitted data access.

By continuing the speculation in these cases, the affected Intel microprocessors expose a new side-channel for attack, allowing a malicious VM to infer data in the hypervisor and other VMs running on a core.

 

 

Take Action

http://campaign.vmware.com/email_imgs/partner_templates/vmw-eml-partner-corner-30x30.gif

Access the KB article and subscribe to it today.

Notify your partners
to engage with their customers.

Sign-up for Security-announce to receive VMware Security Advisories.

 


http://campaign.vmware.com/email_imgs/vmworld2012/images/spacer.gif


As part of the August 14th disclosure by Intel, three vulnerabilities have been named:

  • CVE-2018-3646 (L1 Terminal Fault - VMM)
  • CVE-2018-3620 (L1 Terminal Fault - OS)
  • CVE-2018-3615 (L1 Terminal Fault – SGX, SMM)

The most severe of the three vulnerabilities (CVE-2018-3646: L1 Terminal Fault – VMM) impacts all hypervisors running on x86 Intel CPUs, including VMware vSphere, VMware Workstation, and VMware Fusion. As a consequence, our services that use these products (including VMware Cloud on AWS and VMware Horizon Cloud) and the partner environments within our VMware Cloud Provider Program are impacted.

Our top priority is protecting and ensuring the security of your and our mutual partners' and customers' data and systems. As is our practice, VMware has been working closely with industry partners, such as Intel and others, to assess the issue and determine the most effective update and/or patch in conjunction with our partners.

A Knowledge Base (KB) article has been created as the centralized source of information for this issue. This KB article provides links to additional KB articles with detailed mitigation processes for each of the attack vectors identified by the L1 Terminal Fault vulnerabilities.

We strongly encourage you to visit the KB repository as the centralized source of information for this issue, and click 'Subscribe to Article' (under Actions on the right) to be alerted when new information is added. We also encourage you to sign-up to our Security-announce mailing list to receive new and updated VMware Security Advisories.

We are proactively reaching out to ensure you and your partners and their customers are implementing the recommended mitigation processes to protect each of your environments.

VMware is fully engaged to address any of your issues or concerns. If you have any questions, please reach out to your VMware Distribution Account Manager or the Partner Network team.

Thank you,
Ingram Micro & VMware team

 

Please direct any questions to  vmware-serbia@ingrammicro.com  or contact your Ingram Micro representative.