VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown) (52264)

Purpose：
The VMware Security Engineering, Communications, and Response group (vSECR) is investigating the impact these vulnerabilities may have on VMware virtual appliances.
CPU data cache timing can be abused by software to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Three variants have been recently discovered by Google Project Zero and other security researchers; these can affect many modern processors, including certain processors by Intel, AMD and ARM:
Variant 1: Bounds check bypass (CVE-2017-5753) also known as part of the Spectre Attacks.
Variant 2: Branch target injection (CVE-2017-5715) also known as part of the Spectre Attacks.
Variant 3: Rogue data cache load (CVE-2017-5754) also known as the Meltdown Attack.
Operating systems (OS), virtual machines, virtual appliances, hypervisors, server firmware, and CPU microcode must all be patched or upgraded for effective mitigation of these known variants. This document will focus on VMware Virtual Appliances.

Resolution：
Note: This section will be updated with additional virtual appliances as investigations continue.

Affected Virtual Appliances:
vSECR has evaluated the following appliances and determined that they may be affected by CVE-2017-5753, CVE-2017-5715, or CVE-2017-5754. VMware is currently investigating possible workarounds which will be added to the list below as they become available. Remediation will be documented in upcoming VMware Security Advisories. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories and click ‘subscribe to article’ on the right side of this page to be alerted when new information is added to this document. If a specific version number is not listed, then that entry refers to all supported versions of the appliance.

•    VMware Identity Manager
•    VMware vCenter Server 6.5
•    VMware vCenter Server 6.0
•    VMware vSphere Integrated Containers

Unaffected Virtual Appliances:
vSECR has completed evaluation of the following appliances and determined that under supported configurations they are not affected because there is no available path to execute arbitrary code without administrative privileges. This assumes that the underlying hypervisor(s) have been patched to remediate CVE-2017-5753, and CVE-2017-5715. Information on this can be found in VMSA-2018-0002. If a specific version number is not listed, then that entry refers to all supported versions of the appliance.

•    VMware NSX for vSphere
•    VMware Unified Access Gateway
•    VMware vCenter Server 5.5
•    VMware vRealize Log Insight
•    VMware vRealize Operations
•    VMware vRealize Orchestrator

Note: Automated vulnerability scanners may report that these appliances are vulnerable to CVE-2017-5753, CVE-2017-5715, or CVE-2017-5754 even though the issue is not exploitable. These products will still be updating their respective kernels in scheduled maintenance releases as a precautionary measure.

具体见 https://kb.vmware.com/s/article/52264