ESXi Patches – November 2020 #2

Another round of patches resolving ESXi issues has been released for ESXi 6.5, ESXi 6.7 and ESXi 7.0. What should you do? Read this post and then plan to apply the patches.

All supported versions are affected by the issues below, which are resolved in the latest patches:

VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine’s VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.

VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026.

ESXi Patches Release Notes

VMware ESXi 6.5, Patch Release ESXi650-202011002

Imageprofile ESXi-6.5.0-20201103001-standard (Build 17167537) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.5.0-3.149.17167537 | VMware | Updates the ESX 6.5.0 esx-base | bugfix | critical | ESXi650-202011301-SG |
| esx-tboot | 6.5.0-3.149.17167537 | VMware | Updates the ESX 6.5.0 esx-tboot | bugfix | critical | ESXi650-202011301-SG |
| vsan | 6.5.0-3.149.17127931 | VMware | Updates the ESX 6.5.0 vsan | bugfix | critical | ESXi650-202011301-SG |
| vsanhealth | 6.5.0-3.149.17127932 | VMware | ESXi VSAN Health Service | security | important | ESXi650-202011301-SG |

(For more information see Release Notes.)

VMware ESXi 6.7, Patch Release ESXi670-202011002

This patch resolves a lot of issues. Make sure you have read the release notes before you skip or hold the patch.

Imageprofile ESXi-6.7.0-20201104001-standard (Build 17167734) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.7.0-3.132.17167734 | VMware | ESXi base system | bugfix | critical | ESXi670-202011401-BG |
| esx-update | 6.7.0-3.132.17167734 | VMware | ESXi install/upgrade components. | bugfix | critical | ESXi670-202011401-BG |
| nvme | 1.2.2.28-4vmw.670.3.132.17167734 | VMW | Non-Volatile memory controller driver | bugfix | important | ESXi670-202011402-BG |
| vmkusb | 0.1-1vmw.670.3.132.17167734 | VMW | USB Driver | bugfix | important | ESXi670-202011403-BG |
| vmw-ahci | 2.0.5-2vmw.670.3.132.17167734 | VMW | VMware Native AHCI Driver | bugfix | important | ESXi670-202011404-BG |
| vsan | 6.7.0-3.132.17135222 | VMware | VSAN ESXi | bugfix | critical | ESXi670-202011401-BG |
| vsanhealth | 6.7.0-3.132.17135221 | VMware | ESXi VSAN Health Service | bugfix | critical | ESXi670-202011401-BG |

(For more information see Release Notes.)

VMware ESXi 7.0 Update 1b Release Notes

Imageprofile ESXi-7.0U1b-17168206-standard (Build 17168206) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| cpu-microcode | 7.0.1-0.15.17168206 | VMware | CPU microcode updates | security | important | ESXi_7.0.1-0.15.17168206 |
| crx | 7.0.1-0.15.17168206 | VMware | CRX related bits | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-base | 7.0.1-0.15.17168206 | VMware | ESXi base system | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-dvfilter-generic-fastpath | 7.0.1-0.15.17168206 | VMware | dvfilter-generic-fastpath module | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-update | 7.0.1-0.15.17168206 | VMware | ESXi install/upgrade components. | security | important | esx-update_7.0.1-0.15.17168206 |
| esx-xserver | 7.0.1-0.15.17168206 | VMware | ESXi X.Org Xserver | security | important | ESXi_7.0.1-0.15.17168206 |
| gc | 7.0.1-0.15.17168206 | VMware | SystemStorage extra for ESX 7.0 | security | important | ESXi_7.0.1-0.15.17168206 |
| loadesx | 7.0.1-0.15.17168206 | VMware | Provides QuickBoot functionality. | security | important | esx-update_7.0.1-0.15.17168206 |
| native-misc-drivers | 7.0.1-0.15.17168206 | VMware | VMware Esx VIB | security | important | ESXi_7.0.1-0.15.17168206 |
| vdfs | 7.0.1-0.15.17168206 | VMware | ESXi VDFS | security | important | ESXi_7.0.1-0.15.17168206 |
| vsan | 7.0.1-0.15.17168206 | VMware | VSAN ESXi | security | important | ESXi_7.0.1-0.15.17168206 |
| vsanhealth | 7.0.1-0.15.17168206 | VMware | ESXi VSAN Health Service | security | important | ESXi_7.0.1-0.15.17168206 |

(For more information see Release Notes.)
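
To check a host against the tables above, the following added example (not from the original post or from VMware) parses the text output of `esxcli software vib list` and compares the installed esx-base version with the patched versions listed in this post. The sample output is constructed, and comparing versions component by component within a release line is an assumption; hosts on image profiles not listed here should be checked against the release notes.

```python
import re

# Patched esx-base versions, copied from the tables in this post.
PATCHED_ESX_BASE = {
    "6.5": "6.5.0-3.149.17167537",
    "6.7": "6.7.0-3.132.17167734",
    "7.0": "7.0.1-0.15.17168206",
}

# Constructed sample of `esxcli software vib list` output (not from a real host).
SAMPLE_OLD = """\
Name       Version                Vendor  Acceptance Level  Install Date
---------  ---------------------  ------  ----------------  ------------
esx-base   6.7.0-3.116.16713306   VMware  VMwareCertified   2020-09-01
vsan       6.7.0-3.116.16631671   VMware  VMwareCertified   2020-09-01
"""

def version_key(version):
    """Turn '6.7.0-3.132.17167734' into a tuple of ints for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def installed_esx_base(vib_list_output):
    """Return the esx-base version string from the VIB list text, or None."""
    for line in vib_list_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "esx-base":
            return fields[1]
    return None

def check_host(vib_list_output):
    """Classify a host as 'patched', 'needs-patch' or 'unknown'."""
    version = installed_esx_base(vib_list_output)
    if version is None:
        return "unknown"
    # Release line is the first two dotted components, e.g. '6.7'.
    release_line = ".".join(version.split(".")[:2])
    target = PATCHED_ESX_BASE.get(release_line)
    if target is None:
        return "unknown"  # release line not covered by this post
    if version_key(version) >= version_key(target):
        return "patched"
    return "needs-patch"

if __name__ == "__main__":
    print(installed_esx_base(SAMPLE_OLD), "->", check_host(SAMPLE_OLD))
```
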

References

VMware

https://esxi-patches.v-front.de/

Davoud Teimouri

Davoud Teimouri is a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog started with simple posts and now has a large following of readers.
