The purpose of this article is to provide a response to the security issues related to speculative execution in Intel processors described by
CVE-2018-3646 (L1 Terminal Fault - VMM) and
CVE-2018-3620 (L1 Terminal Fault - OS) as they apply to VMware SaaS offerings.
Responses have been broken into the following categories for potentially affected offerings. The scope of this document is limited to VMware SaaS offerings that run in a vSphere environment.
- Infrastructure security impact statement
- Recommended actions
- Operational impact statement
The
Update History section of this article will be revised when there is a significant change to this document. Click Subscribe to Article in the Actions box to be alerted when new information is added to this document and sign up at our
Security-Announce mailing list to receive new and updated
VMware Security Advisories. In addition, operational events are announced for our various SaaS offerings on our
VMware Cloud Services Status Page.
This article is dedicated to VMware SaaS offerings, for an overview of these vulnerabilities and links to on-prem product documentation please see
KB55636.
Note: this document uses terminology defined in
KB55806.