Moderate. VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

  • 13 July 2022
  • 1 comment
  • 366 views

Userlevel 7
Badge +9

VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes.

There is a resolution to this issue, and as such there is no workaround discussed in this guide. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6. VMware ESXi enables you to:

  • Consolidate hardware for higher capacity utilization.
  • Increase performance for a competitive edge.
  • Streamline IT administration through centralized management.
  • Reduce CapEx and OpEx.
  • Minimize hardware resources needed to run the hypervisor, meaning greater efficiency.

Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products. Below are the impacted products.

  • VMware ESXi
  • VMware Cloud Foundation

What Exploit does this Vulnerability Present?

A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host. Here is the original blogpost.

 

Remediation

To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, and CVE-2022-23825, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below. These patches do not introduce performance impact.

Response Matrix:

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version    
ESXi 7.0 Any CVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6 Moderate  ESXi70U3sf-20036586    
ESXi 6.7 Any CVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6 Moderate  ESXi670-202207401-SG    
ESXi 6.5 Any CVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6 Moderate  ESXi650-202207401-SG    

Impacted Product Suites that Deploy Response Matrix Components:

 

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version    
Cloud Foundation (ESXi) 4.x Any CVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6 Moderate  KB88695    
Cloud Foundation (ESXi) 3.x Any CVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6 Moderate  KB88927

1 comment

Userlevel 7
Badge +20

It is amazing all the recent patching for VMware 😂

Comment