VMware is releasing patches and workarounds for its Virtual Appliance products affected by the Meltdown and Spectre vulnerabilities.
The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data.
The mitigations measures could be applied to vCloud Usage Meter, Identity Manager (vIDM), vCenter Server, vSphere Data Protection, vSphere Integrated Containers and vRealize Automation (vRA).
“VMware Virtual Appliance updates address side-channel analysis due to speculative execution” states the advisory published by the company.
The company acknowledged problems for its virtual appliances and opted to release workarounds to protect its customers. The proposed solutions are only temporary waiting for a permanent fix that will be released as soon as they are available.
The complete list of workarounds is available here, in some cases, admins can mitigate the issue by launching a few commands as a privileged user, in other cases the procedure to deploy mitigations is more complex.
(Security Affairs – Spectre patches, VMware )
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.