VMware has discovered five security vulnerabilities in its popular Workstation, Fusion and ESXi products, with some issues impacting hypervisors using Intel Xeon Scalable processors, which have been affected by a new Zombieload flaw. One important-level vulnerability allows attackers to create a denial-of-service condition on their own virtual machine.
The virtualisation star unveiled both “important” and “moderate” severity advisories for the VMware products this week along with patches to solve the issues.
In the more severe case, Workstation and Fusion contain “an out-of-bounds write vulnerability in the e1000e virtual network adaptor,” said VMware in a security advisory. “VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.7.”
VMware said successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own virtual machine.
Another vulnerability in Workstation and Fusion is an information disclosure vulnerability in vmnetdhcp that, if abused, could allow an attacker on a guest virtual machine to disclose sensitive information by leaking memory from the host process. The third important-level vulnerability is a denial-of-service issue in the RPC handler that allows attackers with normal user privileges to create a denial-of-service condition on their own virtual machine.
VMware also released patches for two moderate issues affecting Intel processors that impact Workstation, Fusion and its ESXi hypervisor, one of which is TSX Asynchronous Abort (TAA), also known as Zombieload.
“VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC),” said VMware in its security advisories post. “VMware has evaluated this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.”
The first vulnerability is a machine check error on page size change. It allows a hacker who has local access to execute code in a virtual machine to trigger a purple diagnostic screen or an immediate reboot of the hypervisor hosting the virtual machine, resulting in a denial-of-service condition, according to VMware.
The second security problem is TAA, which enables an attacker who has local access to execute code in a virtual machine to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself, said VMware. This particular vulnerability is only applicable to hypervisors utilising second-generation Intel Xeon Scalable processors.
This week, Intel released patches to combat the TAA vulnerability, known as Zombieload. The new Zombieload flaw can give hackers with physical access to a device the ability to read sensitive data stored in the processor.