VMware Cloud Community
albatros99
Enthusiast
Enthusiast
‎11-19-2021 08:53 AM

potentially vulnerable to issues described in CVE-2018-3646

On my esxi server 7.03b i see this information:

"This host is potentially vulnerable to issues described in CVE-2018-3646, please refer to https://kb.vmware.com/s/article/55636 for details and VMware recommendations."

I have read the VMware recommendations, but not anderstand what i must do to solve this problem?

Wich customer can help me?

Reply
0 Kudos
3 Replies
IRIX201110141
Champion
Champion
‎11-19-2021 10:51 AM

3 solutions available

  1. Disable HT
  2. Switch to the new ESXi Scheduler which gives the possibilty to tag VMs which you trust to 100% and to use the same HT core
  3. do nothing when you can trust your VMs and their users to 101% or when you dont care at all

Unlikely you can wait until Intel and AMD comes with new chips without these design flaws.

Regards
Joerg

 

Reply
0 Kudos
albatros99
Enthusiast
Enthusiast
‎11-20-2021 04:48 AM

Sorry, can you write what is real to do for 1. and 2. for normal not technical persons?
i works with vmware vsphere from Version 4 to Version 7 since more than 15 years...

1. What must i do to disable HT on ESXi 7.03b?

2. How to Switch to the new ESXi Scheduler which gives the possibilty to tag VMs which you trust to 100% and to use the same HT core?

 

Reply
0 Kudos
IRIX201110141
Champion
Champion
‎11-20-2021 11:22 AM

Take a look to https://kb.vmware.com/s/article/55806 and scroll to to the picture to find out if youre effected by any versions of Spectre and Meltdown. If so make a decision if youre willing to take the performance impact or just living with the risk. You need to know that mitigations on Hardware, Hypervisor and GuestOS level needs to be placed.  There is no single, easy to install, software patch available which solved the problem for 100% because of the design flaws in the silicon chips.

 

Reply
0 Kudos