VMSA-2019-0008 : MDS Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

medium Nessus Plugin ID 125146

Synopsis

The remote VMware ESXi host is missing one or more security-related patches.

Description

a. Hypervisor Specific and Hypervisor-Assisted Guest Mitigations for MDS vulnerabilities

vCenter Server, ESXi, Workstation, and Fusion updates support Hypervisor-Specific and Hypervisor-Assisted Guest Mitigations for MDS speculative execution vulnerabilities. These updates expose new CPU control bits via microcode listed in the table below to the Virtual Machine layer. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2019/000456.html

Plugin Details

Severity: Medium

ID: 125146

File Name: vmware_VMSA-2019-0008.nasl

Version: 1.8

Type: local

Published: 5/15/2019

Updated: 5/28/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2019-11091

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:6.5, cpe:/o:vmware:esxi:6.7, cpe:/o:vmware:esxi:6.0

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2019

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

IAVA: 2019-A-0167

VMSA: 2019-0008