Najnowsza aktualizacja dla VMware ESXi 8.0 oznaczona jako update 3 została wydana w celu rozwiązania krytycznych problemów bezpieczeństwa związanych z CVE-2024-37085, CVE-2024-37086. CVE-2024-37085 dotyczył bypassowania autoryzacji integracji z Active Directory w VMware ESXi, co mogło prowadzić do pełnego dostępu do hosta ESXi przez złośliwego aktora. CVE-2024-37086 dotyczył podatności typu out-of-bounds read w ESXi, która mogła powodować warunki odmowy usługi hosta. Więcej informacji można znaleźć w artykule poniżej.
Znane problemy:
Storage Issues
-
vSphere vMotion operations of virtual machines residing on Pure-backed vSphere Virtual Volumes storage might time out
vSphere vMotion operations for VMs residing on vSphere Virtual Volumes datastores depend on the vSphere API for Storage Awareness (VASA) provider and the timing of VASA operations to complete. In rare cases, and under specific conditions when the VASA provider is under heavy load, response time from a Pure VASA provider might cause ESXi to exceed the timeout limit of 120 sec for each phase of vSphere vMotion tasks. In environments with multiple stretched storage containers you might see further delays in the Pure VASA provider response. As a result, running vSphere vMotion tasks time out and cannot complete.
Workaround: Reduce parallel workflows, especially on Pure storage on vSphere Virtual Volumes datastores exposed from the same VASA provider, and retry the vSphere vMotion task.
-
In a vSphere Virtual Volumes stretched storage cluster environment, some VMs might fail to power on after recovering from a cluster-wide APD
In high scale Virtual Volumes stretched storage cluster environments, after recovering from a cluster-wide APD, due to the high load during the recovery some VMs might fail to power on even though the datastores and protocol endpoints are online and accessible.
Workaround: Migrate the affected VMs to a different ESXi host and power on the VMs.
-
You see „Object or item referred not found” error for tasks on a First Class Disk (FCD)
Due to a rare storage issue, during the creation of a snapshot of an attached FCD, the disk might be deleted from the Managed Virtual Disk Catalog. If you do not reconcile the Managed Virtual Disk Catalog, all consecutive operations on such a FCD fail with the
Object or item referred not founderror.Workaround: See Reconciling Discrepancies in the Managed Virtual Disk Catalog.
Miscellaneous Issues
-
The irdman driver might fail when you use Unreliable Datagram (UD) transport mode ULP for RDMA over Converged Ethernet (RoCE) traffic
If for some reason you choose to use the UD transport mode upper layer protocol (ULP) for RoCE traffic, the irdman driver might fail. This issue is unlikely to occur, as the irdman driver only supports iSCSI Extensions for RDMA (iSER), which uses ULPs in Reliable Connection (RC) mode.
Workaround: Use ULPs with RC transport mode.
Networking Issues
-
Connection-intensive RDMA workload might lead to loss of traffic on Intel Ethernet E810 Series devices with inbox driver irdman-1.4.0.1
The inbox irdman driver version 1.4.0.1 does not officially support vSAN over RDMA. Tests running 10,000 RDMA connections, usual for vSAN environments, might occasionally lose all traffic on Intel Ethernet E810 Series devices with NVM version 4.2 and irdman driver version 1.4.0.1.
Workaround: None.
-
Capture of network packets by using the PacketCapture tool on ESXi does not work
Due to tightening of the rhttpproxy security policy, you can no longer use the PacketCapture tool as described in Collecting network packets using the lightweight PacketCapture on ESXi.
Workaround: Use the pktcap-uw tool. For more information, see Capture and Trace Network Packets by Using the pktcap-uw Utility.
Installation, Upgrade, and Migration Issues
-
Fresh installation or creating VMFS partitions on a Micron 7500 or Intel D5-P5336 NVMe drives might fail with a purple diagnostic screen
UNMAP commands enable ESXi hosts to release storage space that is mapped to data deleted from the host. In NVMe, the equivalent of UNMAP commands is a deallocate DSM request. Micron 7500 and Intel D5-P5336 devices advertise a very large value in one of the deallocate limit attributes, DMSRL, which is the maximum number of logical blocks in a single range for a Dataset Management command. This leads to an integer overflow when the ESXi unmap split code converts number of blocks to number of bytes, which in turn might cause a failure of either installation or VMFS creation. You see a purple diagnostics screen with an error such as
Exception 14 or corruption in dlmalloc. The issue affects ESXi 8.0 Update 2 and later.Workaround: For a fresh ESXi installation, first install ESXi 8.0, deactivate UNMAP for the affected disk by using the command
esxcli storage core device vaai status set -D 0 -d <device-id>and then upgrade to 8.0 Update 3. To create VMFS partitions, disable UNMAP for the affected disk by using the commandesxcli storage core device vaai status set -D 0 -d <device-id>and then create VMFS as usual. You can reactivate UNMAP after you create a VMFS datastore, but if you delete or create a partition, UNMAP must remain deactivated. -
The Cancel option in an interactive ESXi installation might not work as expected
Due to an update of the Python library, the Cancel option by pressing the ESC button in an interactive ESXi installation might not work as expected. The issue occurs only in interactive installations, not in scripted or upgrade scenarios.
Workaround: Press the ESC key twice and then press any other key to activate the Cancel option.
-
Standard image profiles for ESXi 8.0 Update 3 show last modified date as release date
The Release Date field of the standard image profile for ESXi 8.0 Update 3 shows the Last Modified Date value. The issue is only applicable to the image profiles used in Auto Deploy or ESXCLI. Base images used in vSphere Lifecyce Manager workflows display the release date correctly. This issue has no functional impact. The side effect is that if you search for profiles by release date, the profile does not show with the actual release date.
Workaround: Search by release version, such as 8.0.3.
Więcej informacji o najnowszej aktualizacji można przeczytać w dokumentacji technicznej.
