VmWare releases the patch to fix CPU vulnerabilities in VMware ESXi, Workstation and Fusion

VMWare released the patches for VMware ESXi, Workstation, and Fusion to fix side-channel analysis due to speculative execution. Users should install patches as soon as possible.

CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.

Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.

You can download the patch here.

Source: vmware