SCAv1 and SCAv2 both mitigate CVE-2018-3646; however, SCAv2 does not mitigate Intra-VM Concurrent-context attack vector process information leakage.
The User's Guide was published before SCAv2 was available, thus it does not contain any information about this new feature. At this time we accept submissions which use either solution for mitigation.
I suggest reviewing the whitepaper we published for a detailed analysis of the performance impact of both schedulers: "Performance of vSphere 6.7 Scheduling Options".
jamesz08, thanks for the professional answer and data!
So I think configuring the parameter "VMkernel.Boot.hyperthreadingMitigationIntraVM" to false is still required to enable SCAv2.
By the way, does setting this parameter involve editing the "Security Mitigations Section of Disclosure Report" (for publication)?
Thanks in advance~!
Correct, to use SCAv2 you would set the following:
HyperthreadingMitigation = TRUE
HyperthreadingMitigationIntraVM = FALSE
The Security Mitigations table in the disclosure report only needs to indicate the vulnerability is mitigated; it does not require an indication of how it was mitigated.