VMware ESX Server 3.0.3, ESX303-200809401-SG: Security and Other Fixes for VMware-esx-vmx, VMware-esx-vmkernel, and VMware-hostd-esx RPMs (1006673)
Summaries and Symptoms
Guest operating systems running recent Linux kernels that contain the ata_piix4 driver generate host bus adapter warnings. Hard disks and CD-ROM drives are not recognized.
When using the virtual E1000 NIC, the vmkernel might sometimes try to access pages beyond the physical memory range of the guest operating system, causing the virtual E1000 NIC to stop responding. Symptom: In a corner case, network service might stop on 64-bit guest operating systems using a virtual E1000 NIC with the following message logged in vmkernel:
WARNING: Alloc: 3412: vm 1212: ppn=0xc0000 out of range: 0x0-0xc0000 (count=2)
WARNING: P2MCache: vm 1212: 478: GetPhysMemRange failed: PPN 0xc0000 canBlock 0 status Bad parameter
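One way to check collected vmkernel logs for the E1000 symptom above is to correlate the two warnings per virtual machine and PPN. This is an added example, not VMware code: the function name is hypothetical, and the log-line prefixes and the second VM in the sample are constructed.

```python
import re
from collections import defaultdict

HEX = r"0x[0-9a-fA-F]+"
# Patterns follow the two warnings quoted in this article.
ALLOC_RE = re.compile(
    rf"WARNING: Alloc: \d+: vm (?P<vm>\d+): ppn=(?P<ppn>{HEX}) "
    rf"out of range: (?P<lo>{HEX})-(?P<hi>{HEX}) \(count=(?P<count>\d+)\)"
)
P2M_RE = re.compile(
    rf"WARNING: P2MCache: vm (?P<vm>\d+): \d+: GetPhysMemRange failed: "
    rf"PPN (?P<ppn>{HEX})"
)

# Constructed sample input: message text from the article, prefixes invented.
SAMPLE_LOG = """\
vmkernel: cpu2:1212)WARNING: Alloc: 3412: vm 1212: ppn=0xc0000 out of range: 0x0-0xc0000 (count=2)
vmkernel: cpu2:1212)WARNING: P2MCache: vm 1212: 478: GetPhysMemRange failed: PPN 0xc0000 canBlock 0 status Bad parameter
vmkernel: cpu1:1300)WARNING: Alloc: 3412: vm 1300: ppn=0x80000 out of range: 0x0-0x80000 (count=1)
vmkernel: cpu0:1024)VMNIX: link state change on vmnic0
"""

def affected_vms(lines):
    """Return {vm_id: [ppn, ...]} for VMs that logged BOTH warnings for the same PPN."""
    alloc, p2m = defaultdict(set), defaultdict(set)
    for line in lines:
        m = ALLOC_RE.search(line)
        if m:
            alloc[m["vm"]].add(int(m["ppn"], 16))
            continue
        m = P2M_RE.search(line)
        if m:
            p2m[m["vm"]].add(int(m["ppn"], 16))
    hits = {}
    # A lone Alloc warning is not reported; the article shows the pair together.
    for vm in alloc.keys() & p2m.keys():
        common = alloc[vm] & p2m[vm]
        if common:
            hits[vm] = sorted(common)
    return hits

if __name__ == "__main__":
    for vm, ppns in affected_vms(SAMPLE_LOG.splitlines()).items():
        print(f"vm {vm}: out-of-range PPN(s) {[hex(p) for p in ppns]}")
```

A match identifies a virtual machine to review against this fix; confirming that the VM uses a virtual E1000 NIC and runs a 64-bit guest still requires checking its configuration.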
Any user running an info-get command with an invalid key in the guest operating system might cause the virtual machine to stop responding. The info-get command run on Windows operating systems is VMwareService -cmd "info-get". The info-get command run on Linux operating systems is vmware-guestd --cmd "info-get".
The range track overflows and triggers flushing of all dependent translation look-aside buffers (TLBs) causing serious performance impact.
VMware addresses an in-guest privilege escalation on 64-bit guest operating systems.
VMware products emulate hardware functions including CPU, memory, and I/O.
A flaw in VMware's CPU hardware emulation could allow the virtual CPU to jump to an incorrect memory address. Exploitation of this issue on the guest operating system does not lead to a compromise of the host system, but could lead to a privilege escalation on guest operating systems. An attacker would need to have a user account on the guest operating system.
Affected guest operating systems include 64-bit Windows, 64-bit FreeBSD, and possibly other 64-bit operating systems.
The issue does not affect the 64-bit versions of Linux guest operating systems.
VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4279 to this issue.
None beyond the required patch bundles and reboot information listed in the table, above.
Patch Download and Installation
To update ESX Server 3.0.3 hosts when not using VMware Update Manager, download the most recent patch bundle from http://support.vmware.com/selfsupport/download/ and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.