Moderate
VMSA-2022-0020
5.6
2022-07-12
2022-07-12 (Initial Advisory)
CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities
1. Impacted Products
- VMware ESXi
- VMware Cloud Foundation
2. Introduction
Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products.
3. Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities
Description
VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6.
Known Attack Vectors
A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host.
Resolution
To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, and CVE-2022-23825, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below. These patches do not introduce performance impact.
Workarounds
None.
Additional Documentation
A supplemental FAQ was created for additional clarification.
Notes
None.
Acknowledgements
None.
Response Matrix:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
ESXi | 7.0 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | moderate
| None | |||
ESXi | 6.7 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | moderate
| None | |||
ESXi | 6.5 | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | moderate
| None |
Impacted Product Suites that Deploy Response Matrix Components:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
Cloud Foundation (ESXi) | 4.x | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | moderate
| Patch Pending | None | ||
Cloud Foundation (ESXi) | 3.x | Any | CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 | moderate
| None |
4. References
ESXi70U3sf-20036586:
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html
ESXi670-202207401-SG:
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202207001.html
ESXi650-202207401-SG:
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202207001.html
KB Articles:
VCF 4.x: Patch Pending
VCF 3.x: https://kb.vmware.com/s/article/88927
FAQ:
https://via.vmw.com/vmsa-2022-0020-qna
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
FIRST CVSSv3 Calculator:
CVE-2022-23816: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-28693: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29901: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5. Change Log
2022-07-12: VMSA-2022-0022
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
E-mail: security@vmware.com
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2022 VMware Inc. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.