Skyline Advisor Pro Proactive Findings – February Edition

VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers.

For the month of February, we released 56 new Findings. Of these, there are 19 Findings based on trending issues, 17 based on post escalation reviews, 5 based on VMSAs, and 15 based on best practice recommendations. In the month of February, we also introduced support for vRealize Log Insight which includes 13 findings. We picked a few of these 56 Findings from each of these categories which stand out in this release.

Security Vulnerabilities

In VMSA-2023-0001, there are multiple VRLI vulnerabilities which are mitigated. The vRealize Log Insight contains a Directory Traversal Vulnerability and a broken access control vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. This makes both vulnerabilities have a CVSSv3 score of Critical. There is an important vulnerability where vRealize Log Insight contains a deserialization vulnerability and a moderate where vRealize Log Insight contains an Information Disclosure Vulnerability. All these vulnerabilities are mitigated with vRealize Log Insight version 8.10.2.

Finding ID: vRLI-MultipleCVEs-VMSA#202301
- Description: VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711).
- Helpful Link: https://www.vmware.com/security/advisories/VMSA-2023-0001.html
- Severity: CRITICAL

VMware Technical Support Trending Issues

VMware Technical Support trending issues are KBs that have solved many SRs and/or are viewed many times.

In KB#76282, It is recommended to check the size of your vRealize Log Insight (vRLI) nodes to make sure there is enough available disk space. For older vRLI deployments, / is 8GB, meaning a little more than 4GB should be free, where the size of / on newer deployments is 16GB, meaning a little more than 8GB should be free. This Finding determines if your root partition is running out of disk space, and we will be releasing a Finding soon to check if your vRLI nodes are configured for 8 GB of space. Please reference the KB noted below for resolution steps if you run into an issue where the root partition on your vRLI nodes runs low.

Finding ID: vRLI-RootPartitionDiskSpace-KB#76282
Description: vRealize Log Insight appliance / running out of disk space.
Helpful Link: https://kb.vmware.com/s/article/76282
Severity: MODERATE

Post Escalation Review

VMware Technical Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation Management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.

In KB#90052, ESXi hosts might fail with purple diagnostic screen due to rare memory fragmentation issue. Under rare conditions with high host memory usage, severe memory fragmentation can lead to network device driver memory allocation requests to take too long which triggers a heartbeat miss PSOD. This issue is resolved with VMware ESXi 7.0 Update 3f (build number 20036589).

Finding ID: vSphere-PSODFastSlabAlloc-KB#90052
- Description: ESXi hosts might fail with purple diagnostic screen due to rare memory fragmentation issue.
- Helpful Link: https://kb.vmware.com/s/article/90052
- Severity: CRITICAL

To review all released Findings for the month of February and all current active VMware Skyline Findings please go to the VMware Skyline Findings Catalog.

Most Viewed Findings in Last 30 Days

Below are the most viewed Findings by users in Skyline Advisor Pro: