ESXi Patches – November 2020 #2
Another part of resolving ESXi issues has been release for ESXi 6.5, ESXi 6.7 and ESXi 7.0 . What should you do? Read this post and then plan for applying the patches.
All supported versions are affected by the below issues and the issues are resolved in the latest patches:
VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine’s VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.
VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026.
ESXi Patches Release Notes
VMware ESXi 6.5, Patch Release ESXi650-202011002
Imageprofile ESXi-6.5.0-20201103001-standard (Build 17167537) includes the following updated VIBs:
| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.5.0-3.149.17167537 | VMware | Updates the ESX 6.5.0 esx-base | bugfix | critical | ESXi650-202011301-SG |
| esx-tboot | 6.5.0-3.149.17167537 | VMware | Updates the ESX 6.5.0 esx-tboot | bugfix | critical | ESXi650-202011301-SG |
| vsan | 6.5.0-3.149.17127931 | VMware | Updates the ESX 6.5.0 vsan | bugfix | critical | ESXi650-202011301-SG |
| vsanhealth | 6.5.0-3.149.17127932 | VMware | ESXi VSAN Health Service | security | important | ESXi650-202011301-SG |
(For more information see Release Notes.)
VMware ESXi 6.7, Patch Release ESXi670-202011002
There are lot of resolved issues on this patch. Make sure that you have read the release notes before skip the patch or hold it.
Imageprofile ESXi-6.7.0-20201104001-standard (Build 17167734) includes the following updated VIBs:
| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.7.0-3.132.17167734 | VMware | ESXi base system | bugfix | critical | ESXi670-202011401-BG |
| esx-update | 6.7.0-3.132.17167734 | VMware | ESXi install/upgrade components. | bugfix | critical | ESXi670-202011401-BG |
| nvme | 1.2.2.28-4vmw.670.3.132.17167734 | VMW | Non-Volatile memory controller driver | bugfix | important | ESXi670-202011402-BG |
| vmkusb | 0.1-1vmw.670.3.132.17167734 | VMW | USB Driver | bugfix | important | ESXi670-202011403-BG |
| vmw-ahci | 2.0.5-2vmw.670.3.132.17167734 | VMW | VMware Native AHCI Driver | bugfix | important | ESXi670-202011404-BG |
| vsan | 6.7.0-3.132.17135222 | VMware | VSAN ESXi | bugfix | critical | ESXi670-202011401-BG |
| vsanhealth | 6.7.0-3.132.17135221 | VMware | ESXi VSAN Health Service | bugfix | critical | ESXi670-202011401-BG |
(For more information see Release Notes.)
VMware ESXi 7.0 Update 1b Release Notes
Imageprofile ESXi-7.0U1b-17168206-standard (Build 17168206) includes the following updated VIBs:
| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| cpu-microcode | 7.0.1-0.15.17168206 | VMware | CPU microcode updates | security | important | ESXi_7.0.1-0.15.17168206 |
| crx | 7.0.1-0.15.17168206 | VMware | CRX related bits | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-base | 7.0.1-0.15.17168206 | VMware | ESXi base system | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-dvfilter-generic-fastpath | 7.0.1-0.15.17168206 | VMware | dvfilter-generic-fastpath module | security | important | ESXi_7.0.1-0.15.17168206 |
| esx-update | 7.0.1-0.15.17168206 | VMware | ESXi install/upgrade components. | security | important | esx-update_7.0.1-0.15.17168206 |
| esx-xserver | 7.0.1-0.15.17168206 | VMware | ESXi X.Org Xserver | security | important | ESXi_7.0.1-0.15.17168206 |
| gc | 7.0.1-0.15.17168206 | VMware | SystemStorage extra for ESX 7.0 | security | important | ESXi_7.0.1-0.15.17168206 |
| loadesx | 7.0.1-0.15.17168206 | VMware | Provides QuickBoot functionality. | security | important | esx-update_7.0.1-0.15.17168206 |
| native-misc-drivers | 7.0.1-0.15.17168206 | VMware | VMware Esx VIB | security | important | ESXi_7.0.1-0.15.17168206 |
| vdfs | 7.0.1-0.15.17168206 | VMware | ESXi VDFS | security | important | ESXi_7.0.1-0.15.17168206 |
| vsan | 7.0.1-0.15.17168206 | VMware | VSAN ESXi | security | important | ESXi_7.0.1-0.15.17168206 |
| vsanhealth | 7.0.1-0.15.17168206 | VMware | ESXi VSAN Health Service | security | important | ESXi_7.0.1-0.15.17168206 |
(For more information see Release Notes.)
See Also
Network Connection Problem on HPE FlexFabric 650 (FLB/M) Adapter
References
https://esxi-patches.v-front.de/
