We are currently using Dell R440 servers.
We were using vSphere 6.5 until we decided to upgrade to 6.7 Update 1.
Now the hosts are giving warnings of the CVE-2018-3646 vulnerability.
Checked the issue and was pointed to the VMware Knowledge Base.
My questions are the following:
1. Did we do the right thing by upgrading the hosts to version 6.7 Update 1?
2. Do we now have to follow the steps indicated in the KB?
3. Checked the KB and found out that it is detected since 6.5. My question is, why did we encounter the warning in 6.7?
4. Do we need to re-install to some later version or go back to 6.5?
Hope someone knowledgeable with the vulnerability can answer my queries.
Thanks!
Even with 6.7 you have this issue.
You need to follow what the KB states.
I see there are a few patches available for this as well:
L1 Terminal Fault (L1TF) vulnerability: vSphere patches available - Nolabnoparty
Please mark this as "Correct" or "Helpful" if this answers your query.
regards
Gayathri
Based on the link provided, the update for 6.7 was created on 8/14/2018.
Does Update 1 of 6.7, which was released on 10/16/2018, already include the patch for VMware L1TF?
1. Yes
2. Follow the flow chart in VMware Knowledge Base 55806
3. This is a hardware-level issue; mitigation is required on all supported versions of ESXi. If your CPU is vulnerable to this issue you will get alerted.
4. No, follow KB 55806, make sure you have sufficient capacity and then enable the new task scheduler to avoid the vulnerability, then patch all guest VMs.
Note you should also upgrade BIOS to fully cover fixing this vulnerability: Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on...
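
The last reply says to check capacity and then enable the scheduler mitigation from KB 55806. As an added example (not part of the thread or of VMware's KB), this PowerCLI script reports each host's current setting and CPU load and, only with `-Enable`, turns the mitigation on. The vCenter name is a placeholder, and the advanced setting name `VMkernel.Boot.hyperthreadingMitigation` does not appear in the thread; it is assumed from ESXi's documented settings.

```powershell
# Added example: audit the CVE-2018-3646 (L1TF) scheduler mitigation per ESXi host.
# Assumes VMware PowerCLI is installed; the vCenter name below is a placeholder.
param(
    [string]$Server = 'vcenter.example.local',  # placeholder, replace with your vCenter
    [switch]$Enable                             # settings are changed only when this is given
)

# Boot-time kernel option behind the mitigation (assumed name, not from the thread)
$settingName = 'VMkernel.Boot.hyperthreadingMitigation'

Connect-VIServer -Server $Server | Out-Null

$report = foreach ($vmhost in Get-VMHost -State Connected, Maintenance | Sort-Object Name) {
    $setting = Get-AdvancedSetting -Entity $vmhost -Name $settingName

    # Value may come back as a boolean or a string, so compare as text
    $enabled = $setting -and ("$($setting.Value)" -eq 'true')

    # Point-in-time CPU load only; review historical peaks before enabling,
    # because the mitigation reduces the CPU capacity available to VMs
    $cpuPct = [math]::Round(100 * $vmhost.CpuUsageMhz / $vmhost.CpuTotalMhz, 1)

    $changed = $false
    if ($Enable -and $setting -and -not $enabled) {
        Set-AdvancedSetting -AdvancedSetting $setting -Value $true -Confirm:$false | Out-Null
        $changed = $true
    }

    [pscustomobject]@{
        Host           = $vmhost.Name
        Version        = $vmhost.Version
        Build          = $vmhost.Build
        Hyperthreading = $vmhost.HyperthreadingActive
        CpuUsedPct     = $cpuPct
        SettingFound   = [bool]$setting
        MitigationOn   = $enabled -or $changed
        RebootNeeded   = $changed   # boot option: takes effect after the host reboots
    }
}

$report | Format-Table -AutoSize

Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it without `-Enable` first to see which hosts still report the setting as off and how much CPU headroom each one has.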