ONTAP Select VM hardware version needs to be upgraded due to VMSA-2018-0004
Applies to
- ONTAP Select
- ESXi
- Vulnerability
Issue
Site vulnerability scans report that VMware VM's running hardware version 7 or less have the following vulnerabilities:
New speculative-execution control mechanism for Virtual Machines
Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.
To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met. Please note that these points are meant to be a brief overview. For a more in-depth explaination of the mitigation process please see VMware Knowledge Base Article 52085.
VMware Requirements
• Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
• Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
• Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base Article 1010675 discusses Hardware Versions.