VMware Skyline Advisor Pro Proactive Findings – April 2023 Edition

VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominations from customers.

For the month of April, we released 45 new Findings. Of these, 34 are based on trending issues, 10 on post escalation reviews, and 1 on VMSAs. We picked a few Findings from each of these categories that stand out in this release.

Security Vulnerabilities

In VMSA-2023-0007, VMware Aria Operations for Logs contains a deserialization vulnerability and a command injection vulnerability. For CVE-2023-20864, an unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. For CVE-2023-20865, a malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. VMware has evaluated CVE-2023-20864 to be in the Critical severity range with a maximum CVSSv3 base score of 9.8, and CVE-2023-20865 to be in the Important severity range with a maximum CVSSv3 base score of 7.2. To remediate CVE-2023-20864 and CVE-2023-20865, update VMware Aria Operations for Logs to 8.12.0.

VMware Technical Support Trending Issues

VMware Technical Support trending issues are KBs that have solved many SRs and/or are viewed many times.

In KB#90340, ESXi hosts and/or VMs are at risk of crashing due to a race condition. Recent performance optimizations for vMotion have introduced a race condition between pre-validation and swapping that may lead to memory corruption. The corruption may manifest as different types of crashes, including VMkernel PSOD and guest BSOD. A non-exhaustive list of commonly observed VMkernel PSOD backtraces is given in the KB linked below. This issue is resolved in VMware ESXi 7.0 U3j and VMware ESXi 8.0b.

  • Finding ID: vSphere-PSODCpuSched_StartWorld-KB#90340
  • Description: ESXi Host PSOD or Virtual Machine crash after VMs vMotion due to a race condition.
  • Helpful Link: https://kb.vmware.com/s/article/90340
  • Severity: CRITICAL

Post Escalation Review

VMware Technical Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation Management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.

In KB#78348, ESXi hosts become unresponsive with hostd failing or hanging when NFC operations such as backup or replication jobs are executed on disks with an IO filter attached. This issue is caused by a hostd worker thread limit exhaustion during specific NFC operations. This issue is resolved with VMware ESXi U3L.

  • Finding ID: vSphere-NFSConsistency-KB#78348

To review all Findings released for the month of April, and all currently active VMware Skyline Findings, please go to the VMware Skyline Findings Catalog.

Most Viewed Findings in Last 30 Days

Below are the most viewed Findings by users in Skyline Advisor Pro:

  1. vSphere-VMmorethan3snapshots-KB#1025279
  2. vSphere-VCFEsxNTPRule-KB#81647
  3. vSphere-CustomizeWindowsGuests-KB#1020716
  4. vSphere-PSODFastSlabAllocSlow-KB#89131
  5. vSphere-VCFEsxRemoteSysLogRule-KB#81648
  6. NSXT-VCFManagerHostisolation-KB#81644
  7. vSphere-SpectreMeltdown-VMSA#201804-2
  8. vSphere-VMsnapshotover7days-KB#1025279
  9. vSphere-L1TerminalFault-VMSA#201820-3
  10. vSphere-CVE-2022-22977-VMSA#202215
  11. vSphere-VmUnresponsivememoryleak-KB#2077302
  12. Horizon-Log4jremotecodeexe-VMSA#202128
  13. vSphere-over1TBvm-KB#79520
  14. vSphere-EndpointCertExpiration
  15. vSphere-HPsmxprovider-KB#86291
  16. vSphere-CVE-2020-3992-VMSA#202023
  17. vSphere-XHCI-USB-controller-VMSA#202204
  18. vSphere-CVE-2021-21999-VMSA#202113
  19. vSphere-CVE-2022-22943-VMSA#202207
  20. vSphere-EsxiBuildInconsistent
