Security: VMware ESX Server AMD fxsave/fxrstor vulnerability

VMware released a security bulletin about a security vulnerability affecting its flagship product: ESX Server:

The instructions fxsave and fxrstor on AMD CPUs are used to save or restore the FPU registers (FOP, FIP and FDP). On AMD Opteron Processors, these instructions do not save/restore some exception related registers unless an exception is currently being serviced. This can lead to a security hole that allows local attackers to monitor the execution path of FPU processes, possibly allowing them to obtain sensitive information being passed through those processes.

This vulnerability exists for all AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and Sempron processors but the AMD Opteron processors are the only AMD processors supported with ESX Server.

It only affects version 3.0.0 and patch ESX-2533126 has already been issues.

Check details for patching procedure here.

The vulnerability is actually related with a Linux kernel bug prior to 2.6.16.9. More details are available here.