Multiple processor vulnerabilities in VMware ESXi



Published: 2022-07-13
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2022-29901
CVE-2022-28693
CVE-2022-23816
CVE-2022-23825
CWE-ID CWE-1037
CWE-843
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		VMware ESXi
Operating systems & Components / Operating system

Vendor VMware, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65220

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29901

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware ESXi: ESXi70U1b-17168206 - ESXi670-20211104001

External links

http://www.vmware.com/security/advisories/VMSA-2022-0020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65221

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28693

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to unprotected alternative channel of return branch target prediction. A local user can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware ESXi: ESXi70U1b-17168206 - ESXi670-20211104001

External links

http://www.vmware.com/security/advisories/VMSA-2022-0020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type Confusion

EUVDB-ID: #VU65219

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23816

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware ESXi: ESXi70U1b-17168206 - ESXi670-20211104001

External links

http://www.vmware.com/security/advisories/VMSA-2022-0020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU65204

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23825

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware ESXi: ESXi70U1b-17168206 - ESXi670-20211104001

External links

http://www.vmware.com/security/advisories/VMSA-2022-0020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###