VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes.
A fix is available for this issue, so this guide does not discuss a workaround. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6.
VMware ESXi enables you to:
- Consolidate hardware for higher capacity utilization.
- Increase performance for a competitive edge.
- Streamline IT administration through centralized management.
- Reduce CapEx and OpEx.
- Minimize hardware resources needed to run the hypervisor, meaning greater efficiency.
Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products. Below are the impacted products.
- VMware ESXi
- VMware Cloud Foundation
What Exploit does this Vulnerability Present?
A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host. Here is the original blogpost.
Remediation
To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, and CVE-2022-23825, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below. These patches do not introduce performance impact.
Response Matrix:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version |
| --- | --- | --- | --- | --- | --- | --- |
| ESXi | 7.0 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | 5.6 | Moderate | ESXi70U3sf-20036586 |
| ESXi | 6.7 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | 5.6 | Moderate | ESXi670-202207401-SG |
| ESXi | 6.5 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | 5.6 | Moderate | ESXi650-202207401-SG |
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version |
| --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | 5.6 | Moderate | KB88695 |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | 5.6 | Moderate | KB88927 |