Virtualisation

Moderate Severity VMSA-2022-0020: VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

VMwareESXi_1-1.jpg-1

VMware ESXi is a bare-metal hypervisor that installs directly onto your physical server and provides you direct access to and control of underlying resources. VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. There is a resolution to this issue, as such, there is no workaround discussed in this guide. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6. VMware ESXi enables you to:

  • Consolidate hardware for higher capacity utilization.
  • Increase performance for a competitive edge.
  • Streamline IT administration through centralized management.
  • Reduce CapEx and OpEx.
  • Minimize hardware resources needed to run the hypervisor, meaning greater efficiency.

Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products. Below are the impacted products.

  • VMware ESXi
  • VMware Cloud Foundation

What Exploit does this Vulnerability Present?

A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host. Here are some related guides: How To Deploy Azure VMware Solution Private Cloud, Boot failure: How to fix EFI network timeout on VMware Workstation, and How to solve VMware workstation .lck error.

Remediation

To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, and CVE-2022-23825, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below. These patches do not introduce performance impact.

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed Version
ESXi7.0AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi70U3sf-20036586
ESXi6.7AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi670-202207401-SG
ESXi6.5AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi650-202207401-SG

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed Version
Cloud Foundation (ESXi)4.xAnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate KB88695
Cloud Foundation (ESXi)3.xAnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate KB88927

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x