VMware Cloud Community
sandsfootgroup
Enthusiast
Enthusiast
‎01-08-2019 08:12 AM

cve-2018-3646 vsphere 6.7 update 1

Hello all

I've recently upgraded from 6.5u1g to 6.7u1 using a custom Fujitsu ISO.  After ESXi hosts were upgraded, I was given an information warning:

This host is potentially vulnerable to issues descibed in CVE-2018-3636, please refer to https://kb.vmware.com/s/article/55636 for details and VMware recommendations. KB 55636.

The hardware is Fujitsu servers running Xeon E5-2620 v2.

Looking at the article, its suggests applying patch 6.7.0d.  The release date of the notice is 2018-08-14.

I'm assuming as I have 6.7u1 (release 2018-10-14) that this patch is rolled up in at and this warning can be safely ignored?  I just find this odd that I'm getting the warning after installing a later version?

Thanks for your help!

0 Kudos
1 Reply
sk84
Expert
Expert
‎01-08-2019 08:32 AM

Please read the full kb article and also follow the related links (especially VMware Knowledge Base ).

The mitigation of this vulnerability is not active by default because it will deactive HT and thus has a performance impact under some circumstances. That's why the warning appears also in newer releases.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
0 Kudos