Did you search for this CVE? Because VMware has a pretty extensive article about this: https://kb.vmware.com/s/article/55806.
Mitigation of the Sequential-Context attack vector is achieved by vSphere updates and patches. This mitigation is enabled by default and does not impose a significant performance impact.
Mitigation of the Concurrent-context attack vector requires the enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. The initial version of this feature will only schedule the hypervisor and VMs on one logical processor of an Intel Hyperthreading-enabled core. This feature may impose a non-trivial performance impact and is not enabled by default.
The mitigation process for CVE-2018-3646 is divided into three phases:
- Update Phase: Apply vSphere Updates and Patches
- Planning Phase: Assess Your Environment
- Scheduler-Enablement Phase
Enabling the ESXi Side-Channel-Aware Scheduler Version 2 (SCAv2) using the vSphere Web Client or vSphere Client (only for ESXi 6.7u2 (13006603) and later)
- Connect to the vCenter Server using either the vSphere Web or vSphere Client.
- Select an ESXi host in the inventory.
- Click the Configure tab.
- Under the System heading, click Advanced System Settings.
- Click Edit
- Click in the Filter box and search VMkernel.Boot.hyperthreadingMitigation
- Select the setting by name
- Change the configuration option to true (default: false).
- Click in the Filter box and search VMkernel.Boot.hyperthreadingMitigationIntraVM
- Change the configuration option to false (default: true).
- Click OK.
- Reboot the ESXi host for the configuration change to go into effect.
Consider giving Kudos if you think my response helped you in any way.
