VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers.
For the month of January, we released 37 new Findings. Of these, there are 30 Findings based on trending issues, 6 based on VMSAs, and 1 based on post escalation reviews. We picked a few Findings from each of these categories which stand out in this release.
Post Escalation Review
VMware Technical Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation Management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.
In KB#90177, ESXi version 7.0.3 or 8.0 GA may PSOD with “PFrame_IsBackedByLPage” due to a rare race condition. Please review the KB for details on these conditions. VMware engineering is aware and working towards addressing this in a future release. To work around this issue, you may disable inter-VM TPS before powering on or migrating any virtual machines to the host, alternatively avoid FSRs by powering off the VM before adding devices or migrating it to different storage.
- Finding ID: vSphere- PSODPFrame-KB#90177
- Description: ESXi may PSOD with “PFrame_IsBackedByLPage” due to a rare race condition.
- Helpful Link: https://kb.vmware.com/s/article/90177
- Severity: CRITICAL
Security Vulnerabilities
In VMSA-2022-0030, VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5. This vulnerability is mitigated with ESXi updates noted in the VMSA.
- Finding ID: vSphere-CVE-2022-31696-VMSA#202230
- Description: VMware ESXi memory corruption vulnerability (CVE-2022-31696).
- Helpful Link: https://www.vmware.com/security/advisories/VMSA-2022-0030.html
- Severity: MODERATE
VMware Technical Support Trending Issues
VMware Technical Support trending issues are KBs that have solved many SRs and/or are viewed many times.
In KB#84192, ESXi no longer responding on network ports with modified firewall settings after host reboot. The modified ruleset becomes disabled on reboot. The affected firewall rules can be enabled from the command line. Once the rules have been enabled from the CLI, the setting will stay enabled through future reboots. This issue is resolved in vSphere ESXi 7.0 Update 3c (build number 19193900).
- Finding ID: vSphere-ESXiFirewallRules-KB#84192
- Description: Modified ESXi firewall rules disabled after reboot.
- Helpful Link: https://kb.vmware.com/s/article/84192
- Severity: MODERATE
To review all released Findings for the month of January and all current active VMware Skyline Findings please go to the VMware Skyline Findings Catalog.
Most Viewed Findings in Last 30 Days
Below are the most viewed Findings by users in Skyline Advisor Pro:
- vSphere-PSODFastSlabAllocSlow-KB#89131
- vSphere-VMmorethan3snapshots-KB#1025279
- vSphere-VCFEsxNTPRule-KB#81647
- vSphere-CustomizeWindowsGuests-KB#1020716
- vSphere-over1TBvm-KB#79520
- vSphere-VCFEsxRemoteSysLogRule-KB#81648
- vSphere-VMsnapshotover7days-KB#1025279
- vSphere-SpectreMeltdown-VMSA#201804-2
- vSphere-VmUnresponsivememoryleak-KB#2077302
- vSphere-EndpointCertExpiration
- vSphere-L1TerminalFault-VMSA#201820-3
- vSphere-CVE-2021-21997-VMSA#202111
- vSphere-XHCI-USB-controller-VMSA#202204
- NSXv-EdgeSSH100percentdiskusage-KB#2150467
- vSphere-CVE-2022-22943-VMSA#202207
- vSphere-Vmtoolsmemoryleak-KB#76163
- vSphere-vmsupportCNAFCoELinkDown-KB#2142226
- vSphere-EsxiBuildInconsistent
- vSphere-CVE-2020-3992-VMSA#202023
- vSphere-VMtoolsfailure-KB#83949
Comments