I am interested to find out too. I have logged a Case to VMware for their advice.
It would be great to find out the outcome of the case your logged, as there is nothing from VMware yet, and Security is on my back.
the VMware vCenter appliances run opensuse linux, so most likely they are vulnerable to dirty c0w vulnerability. I'm sure VMware will release patch but I have found its possible to patch manually using opensuse repository. I have done this for vCenter
5.5 appliance, have not tested 6.x
- SSH into your vCenter appliance
- Add the opensuse kernel repo by running this command - zypper ar -f http://download.opensuse.org/repositories/Kernel:/SLE11-SP4/standard/ kernel
- Refresh the repo - zypper ref
- Update kernel - zypper dup -r kernel
- After update completes, reboot appliance
This will upgrade kernel to 3.0.101-292.g0e83e89-default (at time of this writing) which is not vulnerable to dirty c0w. Note that if you're using 6.x appliance then you will almost certainly need to use a newer kernel repo.
I don't know about ESXi server. I tested ESXi 5.1 and 5.5 using https://www.redpacketsecurity.com/testing-dirty-cow-cve-2016-5195/ and the test came back negative, however because gcc is not installed I had to compile from different machine; this could skew test. Perhaps someone from VMware could comment?