ASA-2019-00277 – VMware: Operating System-Specific Mitigations for MDS vulnerabilities

A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities. There are two known attack vector categories for MDS at the Virtual Machine level: Sequential-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a previous context otherwise protected by architectural mechanisms in the context of the same Virtual Machine. Concurrent-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a concurrently executing context on the other logical processor of the Hyper-Threading-enabled processor core in the context of the same Virtual Machine.

ASA-2019-00276 – VMware: Hypervisor-Assisted Guest Mitigations for MDS vulnerabilities

A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities. Virtual Machines hosted by VMware Hypervisors running on 2nd Generation Intel® Xeon® Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities. There are two known attack vector categories for MDS at the Virtual Machine level: Sequential-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a previous context otherwise protected by architectural mechanisms in the context of the same Virtual Machine. Concurrent-context attack vector (Intra-VM): a malicious local user of a Virtual Machine can potentially infer recently accessed data of a concurrently executing context on the other logical processor of the Hyper-Threading-enabled processor core in the context of the same Virtual Machine.

ASA-2019-00275 – VMware: Hypervisor-Specific Mitigations for MDS vulnerabilities

vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. There are two known attack vector variants for MDS at the Hypervisor level: Sequential-context attack vector (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core. Concurrent-context attack vector (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.