VMSA-2018-0002 : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. (Spectre)

medium Nessus Plugin ID 105584


The remote VMware ESXi host is missing one or more security-related patches.


Bounds Check bypass and Branch Target Injection issues

CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.

Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.


Apply the missing patches.

See Also


Plugin Details

Severity: Medium

ID: 105584

File Name: vmware_VMSA-2018-0002.nasl

Version: 3.9

Type: local

Published: 1/4/2018

Updated: 8/6/2018

Risk Information


Risk Factor: High

Score: 8.4


Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:H/RL:OF/RC:C


Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.5, cpe:/o:vmware:esxi:6.0, cpe:/o:vmware:esxi:6.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/3/2018

Exploitable With


Reference Information

CVE: CVE-2017-5715, CVE-2017-5753

VMSA: 2018-0002

IAVA: 2018-A-0020