Virtualization software vendor VMware has released its latest update, VMware ESXi 7.0 Update 3p, which includes many security fixes. The update focuses mainly on patching the vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254 and CVE-2024-22255, which concern a security flaw in the XHCI USB controller. This involves the possibility of executing code as the VMX process of a virtual machine running on the host, along with several other issues in which an attacker can trigger an out-of-bounds write and escape the sandbox. The vulnerabilities are rated as critical and high severity. More information can be found in the article below.
Known issues:
Installation, Upgrade, and Migration Issues
- The vCenter Upgrade/Migration pre-checks fail with "Unexpected error 87"
- Corrupted VFAT partitions from a vSphere 6.7 environment might cause upgrades to ESXi 7.x to fail
- Problems upgrading to vSphere 7.0 with pre-existing CIM providers
- Installation of 7.0 Update 1 drivers on ESXi 7.0 hosts might fail
- UEFI booting of ESXi hosts might stop with an error during an update to ESXi 7.0 Update 2 from an earlier version of ESXi 7.0
- If legacy VIBs are in use on an ESXi host, vSphere Lifecycle Manager cannot extract a desired software specification to seed to a new cluster
- You see a short burst of log messages in the syslog.log after every ESXi boot
- You see warning messages for missing VIBs in vSphere Quick Boot compatibility check reports
- Auto bootstrapping a cluster that you manage with a vSphere Lifecycle Manager image fails with an error
- Upgrades to ESXi 7.x from 6.5.x and 6.7.0 by using ESXCLI might fail due to a space limitation
- You cannot migrate linked clones across vCenter Servers
- Migration across vCenter Servers of virtual machines with many virtual disks and snapshot levels to a datastore on NVMe over TCP storage might fail
- A virtual machine with enabled Virtual Performance Monitoring Counters (VPMC) might fail to migrate between ESXi hosts
- If a live VIB install, upgrade, or remove operation immediately precedes an interactive or scripted upgrade to ESXi 7.0 Update 3 by using the installer ISO, the upgrade fails
- Smart Card and RSA SecurID authentication might stop working after upgrading to vCenter Server 7.0
- The vlanid property in custom installation scripts might not work
- HPE servers with Trusted Platform Module (TPM) boot, but remote attestation fails
- Upgrading a vCenter Server with an external Platform Services Controller from 6.7u3 to 7.0 fails with VMAFD error
- Smart card and RSA SecurID settings may not be preserved during vCenter Server upgrade
- Migration of vCenter Server for Windows to vCenter Server appliance 7.0 fails with network error message
- When you configure the number of virtual functions for an SR-IOV device by using the max_vfs module parameter, the changes might not take effect
- Upgraded vCenter Server appliance instance does not retain all the secondary networks (NICs) from the source instance
- After upgrading or migrating a vCenter Server with an external Platform Services Controller, users authenticating using Active Directory lose access to the newly upgraded vCenter Server instance
- Migrating a vCenter Server for Windows with an external Platform Services Controller using an Oracle database fails
- After an ESXi host upgrade, a Host Profile compliance check shows non-compliant status while host remediation tasks fail
- Error message displays in the vCenter Server Management Interface
Security Features Issues
- Turn off the Service Location Protocol service in ESXi, slpd, to prevent potential security vulnerabilities
- Encrypted virtual machine fails to power on when HA-enabled Trusted Cluster contains an unattested host
- Encrypted virtual machine fails to power on when DRS-enabled Trusted Cluster contains an unattested host
- Migrating or cloning encrypted virtual machines across vCenter Server instances fails when attempting to do so using the vSphere Client
Networking Issues
- Reduced throughput in networking performance on Intel 82599/X540/X550 NICs
- One or more I/O devices do not generate interrupts when the AMD IOMMU is in use
- When you set auto-negotiation on a network adapter, the device might fail
- Solarflare x2542 and x2541 network adapters configured in 1x100G port mode achieve throughput of up to 70Gbps in a vSphere environment
- VLAN traffic might fail after a NIC reset
- Any change in the NetQueue balancer settings causes NetQueue to be disabled after an ESXi host reboot
- Paravirtual RDMA (PVRDMA) network adapters do not support NSX networking policies
- Rollback from converged vSphere Distributed Switch (VDS) to NSX-T VDS is not supported in vSphere 7.0 Update 3
- If you do not set the nmlx5 network driver module parameter, network connectivity or ESXi hosts might fail
- High throughput virtual machines may experience degradation in network performance when Network I/O Control (NetIOC) is enabled
- IPv6 traffic fails to pass through VMkernel ports using IPsec
- Higher ESX network performance with a portion of CPU usage increase
- VM might lose Ethernet traffic after hot-add, hot-remove or storage vMotion
- Change of IP address for a VCSA deployed with static IP address requires that you create the DNS records in advance
More information about the latest update can be found in the technical documentation.