VMware Cloud Community
novell1
Enthusiast

Vulnerable CVE-2018-3646 on vSphere 6.52c

Hi, after the upgrade to 6.5U2c it gives a message about the Intel CPU being problematic. What is your opinion on this? Is there something to patch, and if yes, what is the performance impact on hosts and VMs?

Thanks

Best regards

4 Replies
GayathriS
Expert

Hi

Please check this KB, which explains this CVE number and the vulnerability issue you are hitting:

VMware Knowledge Base

regards

Gayathri

GayathriS
Expert

There are patches released; check this out:

You need to follow what the KB states.

I see there are a few patches available for this as well:

L1 Terminal Fault (L1TF) vulnerability: vSphere patches available - Nolabnoparty

Please mark this as "correct" or "Helpful" if this answers your query.

regards

Gayathri

patrickds
Expert

I have applied the fix for this issue, and experience what is mentioned in the KB:

Note: Enabling this option will result in the vSphere UI reporting only a single logical processor per physical core; halving the number of logical processors if Hyperthreading was previously enabled. In addition Hyperthreading may be reported as 'Disabled' in various configuration tabs.

Does this mean that hyperthreading is actually disabled, or is that just a reporting issue?

rajen450m
Hot Shot

Hi,

Yes, enabling it disables hyperthreading. You can check this in the ESXi Summary tab, where hyperthreading shows as "inactive".

If your environment has more VMs running with high CPU configuration, it is a bad idea to disable it, and any VM with a CPU number higher than the logical processors may also crash.

In our environment, we have suppressed the warning without disabling hyperthreading, since we don't have the capacity to run such a massive workload without SMP or hyperthreading.

We opened a support case with VMware, but they are helpless and blame the CPU manufacturers to come up with a fix, since the vulnerability is in the hardware...

Regards,

Raj M

Please mark helpful or correct if my answer resolved your issue. Visit www.hypervmwarecloud.com for my blog posts, step-by-step procedures etc.
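A capacity check that follows from the KB note and the last reply above, added here as an example and not taken from the thread or from VMware: it computes each host's logical processor count with one logical processor per physical core and flags VMs whose vCPU count would exceed it. The inventory, host names and VM names are constructed; in practice the numbers would come from your own vCenter export.

```python
# Added example (not from the thread): capacity check before enabling the
# L1TF mitigation that leaves one logical processor per physical core.
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    cores: int               # physical cores
    threads_per_core: int    # 2 while Hyperthreading is active
    vms: dict = field(default_factory=dict)  # VM name -> configured vCPUs


def logical_cpus(host, mitigated):
    """Logical processors the host exposes; one per core once mitigated."""
    return host.cores if mitigated else host.cores * host.threads_per_core


def assess(host):
    """Compare vCPU load against logical processors before and after."""
    before = logical_cpus(host, mitigated=False)
    after = logical_cpus(host, mitigated=True)
    total_vcpus = sum(host.vms.values())
    return {
        "host": host.name,
        "logical_before": before,
        "logical_after": after,
        "vcpu_ratio_before": total_vcpus / before,
        "vcpu_ratio_after": total_vcpus / after,
        # VMs that would have more vCPUs than the host has logical processors
        "oversized_vms": sorted(n for n, v in host.vms.items() if v > after),
    }


# Constructed inventory; host and VM names are hypothetical.
INVENTORY = [
    Host("esx01.example", 16, 2, {"db01": 24, "app01": 8}),
    Host("esx02.example", 20, 2, {"app02": 16, "web02": 4}),
]

if __name__ == "__main__":
    for result in map(assess, INVENTORY):
        print(result)
```

A host with a non-empty `oversized_vms` list or a sharply higher `vcpu_ratio_after` needs resizing or rebalancing before the mitigation is switched on.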