VMware Skyline releases new Proactive Findings every month. Findings are prioritized by trending issues in VMware Support, issues raised through Post Escalation review, Security vulnerabilities, and issues raised from VMware engineering, and customers.
For the month of February, we released 20 new Findings. Of these, there are 16 Findings based on trending issues, 2 based on VMSAs, and 2 based on post escalation reviews. We picked a few Findings from each of these categories which stand out in this release.
Post Escalation Review
VMware Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.
In KB 87352, Customers on NSX-T 3.1.3.x may run into an ESXi host PSOD when VMotioning VMs. This issue is caused by a corruption in the internal data structure of the firewall code. There is a noted workaround to put DRS in manual mode and migrate VMs in small batches. Please note that depending on the number of DFW rules in your rule set you may still run into this issue by migrating only a few VMs. The recommendation for this issue is to patch to NSX-T 220.127.116.11.
- Description: ESXi host fails with PSOD ‘#PF Exception 14 in world xxxx:nsx-cfgagent’ during bulk vMotions in a NSX-T Environment
- Resolution: This issue is resolved in VMware NSX-T Data Center 18.104.22.168 and later releases
- Helpful Link: https://kb.vmware.com/s/article/87352
- Severity: Critical
In VMSA-2022-0004, VMware engineering identified multiple security vulnerabilities that affect VMware ESXi Server.
While there is no one individual CVE with a score greater than 8.4, these issues can be chained together to result in a critical vulnerability known as VMescape. VMescape is a vulnerability where through taking over the virtual machine an attacker can control the host operating system. The recommendation to mitigate this vulnerability is to patch your hosts. The workaround for this VMSA requires that all USB controllers are removed from the virtual machines running in the environment. This may not be possible for some customers as the USB controller may be required for full functionality, e.g. Horizon View Desktops.
- Finding ID: vSphere-XHCI-USB-controller-VMSA#202204
- Description: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050).
- Resolution: Update to the ESXi versions noted in the following VMSA.
- Helpful Link: https://www.vmware.com/security/advisories/VMSA-2022-0004.html
- Severity: Critical
VMware Support Trending Issues
VMware Support trending issues are KBs that have solved a large number of SRs and/or viewed a large number of times.
In KB 85701, Customers who upgraded to vCenter 7.0 U3 still remain non-compliant in vSphere Life Cycle Manager. This issue is caused by the way the related VIBs were created. According to their metadata the older generation “intel-nvme-vmd” VIBs are supposed to replace the newer “iavmd” VIB, which according to its metadata is supposed to replace the “”intel-nvme-vmd” VIBs”. vSphere Life Cycle Manager cannot resolve this circular reference and decide which of the packages is the latest one, and therefore ends up installing none of the VIBs. This issue is resolved in vSphere ESXi 7.0 U3c.
- Finding ID: vSphere-intel-nvme-vmd-KB#85701
- Description: After successfully remediating an ESXi 7.0 against the “Non-critical Host Patches (Predefined)” baseline in VLCM, it is still reported as non-compliant due to missing intel-nvme-vmd VIBs.
- Resolution: This issue is resolved in VMware ESXi 7.0 Update 3c (build number 19193900)
- Helpful Link: https://kb.vmware.com/s/article/85701
- Severity: Moderate
To review all released Findings for the month of November and all current active VMware Skyline Findings please go to the VMware Skyline Findings Catalog.
Most Viewed Findings in Last 30 Days
Below are the most viewed Findings by users in Skyline Advisor Pro.