1 Reply Latest reply on Dec 2, 2019 10:47 AM by jamesz08

    security mitigation of CVE-2018-3646 on ESXi version 6.7U3

    niceguy001 Enthusiast

      the user guide 3.1 described how to mitigate the CVE-2018-3646 in page 104, which is setting up  the ESXi host parameter ''VMkernel.Boot.hyperthreadingMitigation" to ''true".

       

      i'm wondering about if I utilize vSphere 6.7U3 with VMmark 3.1 and wanna mitigate the CVE-2018-3646 correctly, should I also set the ESXi host parameter "VMkernel.Boot.hyperthreadingMitigationIntraVM" to "false"?

       

      these two parameters are described in VMware Knowledge Base , in which the ESXi Side-Channel-Aware Scheduler Version 2 (SCAv2) must be enabled to deal with "Concurrent-context attack vector".

       

      the user guide 3.1 p.104 only mentioned about the configuration of ''VMkernel.Boot.hyperthreadingMitigation". Does the config. of "VMkernel.Boot.hyperthreadingMitigationIntraVM" impact on VMmark test's compliance???

       

      thx