1. Impacted Products

VMware ESXi

VMware Workstation

VMware Fusion



2. Introduction

The following vulnerabilities affecting Intel processors have been disclosed:



CVE-2018-12207 - Machine Check Error on Page Size Change (MCEPSC)

CVE-2019-11135 - TSX Asynchronous Abort (TAA)

VMware Hypervisor patches are available which provide mitigation options for both CVE-2018-12207 and CVE-2019-11135.



3a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability (CVE-2018-12207)



Description:



VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC). VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.



Known Attack Vectors:

A malicious actor with local access to execute code in a virtual machine may be able to trigger a purple diagnostic screen or immediate reboot of the Hypervisor hosting the virtual machine, resulting in a denial-of-service condition.



Resolution:

To mitigate CVE-2018-12207, please refer to the 'Response Matrix' below. First apply all patches listed in the 'Fixed Version' column, and then follow the instructions found in the KB article in the 'Additional Documentation' column for your respective product.



Workarounds:

None.



Additional Documentation:

Because the mitigations for CVE-2018-12207 may have a performance impact, they are not enabled by default. After applying all patches from the 'Fixed Version' column below, the mitigation can be enabled by following the instructions found in the KB article in the 'Additional Documentation' column for the product. Performance impact data found in KB76050 should be reviewed prior to enabling this mitigation.



Notes:

None.



Acknowledgements:

None.



Response Matrix: