I reinstalled ESXi v7U3 on a new host in my home lab today and saw this notification below the summary information after adding it to my datacenter & cluster:
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-23.png?resize=1024%2C243&ssl=1)
So, OK – I recognize this. The warning is a notice for the administrator to address CVE-2018-3646 (https://nvd.nist.gov/vuln/detail/CVE-2018-3646), which, according to the CVE, “…may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis”.
Makes sense. The CVSS score is moderate (5.6), and the issue needs to be mitigated. This is one of those mitigations that requires a change to the system settings.
Let’s go ahead and walk through the process.
- Connect to vCenter Server
- Select your ESXi host in the inventory
- Click the Configure tab
- Look under the System menu heading
- Click Advanced System Settings
- Click Edit (on the right side)
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-24.png?resize=1024%2C282&ssl=1)
I found the text filter to be the easiest way to find the Key/Value I needed to change. So click the filter icon and type in “vmkernel.boot.hyperthreadingMitigation”. Most of the time you’ll be able to pull up the Key needed just with a minimal amount of searching.
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-25.png?resize=839%2C266&ssl=1)
Find the “vmkernel.boot.hyperthreadingMitigation” Key, and where the Value is set to “false”…
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-26.png?resize=493%2C159&ssl=1)
Change the Value to “true”…
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-27.png?resize=468%2C147&ssl=1)
Click “Save” and reboot your host.
You can also do this via SSH:
- Connect to the host using SSH (I use PuTTY or MTPuTTY)
- Check the current value of the “vmkernel.boot.hyperthreadingMitigation” setting by running:
  `esxcli system settings kernel list -o hyperthreadingMitigation`
You will see this output:
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-31.png?resize=668%2C102&ssl=1)
- Enable “vmkernel.boot.hyperthreadingMitigation” by running:
  `esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE`
- Verify by running the list command again:
  `esxcli system settings kernel list -o hyperthreadingMitigation`
![](https://i0.wp.com/mikewire.com/wp-content/uploads/2023/01/image-32.png?resize=618%2C117&ssl=1)
- And then reboot the ESXi Host
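Why the reboot in the last step matters, as an added example that is not part of the original post: the kernel setting has a configured value and a runtime value, and the mitigation is only active once both read TRUE. The function names `ht_mitigation_state` and `sample_after_set` are hypothetical, the sample output is constructed, and the column order (Name, Type, Configured, Runtime, Default, Description) is an assumption about the `esxcli` listing.

```shell
#!/bin/sh
# Added example: classify the hyperthreadingMitigation state from the output of
#   esxcli system settings kernel list -o hyperthreadingMitigation
# Assumed column order: Name Type Configured Runtime Default Description

ht_mitigation_state() {
    # Reads the esxcli listing on stdin and prints one of:
    #   mitigated            configured TRUE,  runtime TRUE
    #   reboot-pending       configured TRUE,  runtime FALSE (set, not yet rebooted)
    #   not-configured       configured FALSE, runtime FALSE
    #   active-until-reboot  configured FALSE, runtime TRUE (next boot drops it)
    #   unknown              setting row missing or values unrecognized
    awk '
        $1 == "hyperthreadingMitigation" {
            cfg = toupper($3); run = toupper($4); found = 1
        }
        END {
            if (!found)                                print "unknown"
            else if (cfg == "TRUE"  && run == "TRUE")  print "mitigated"
            else if (cfg == "TRUE"  && run == "FALSE") print "reboot-pending"
            else if (cfg == "FALSE" && run == "FALSE") print "not-configured"
            else if (cfg == "FALSE" && run == "TRUE")  print "active-until-reboot"
            else                                       print "unknown"
        }'
}

sample_after_set() {
    # Constructed sample: the listing after "kernel set ... -v TRUE", before reboot.
    cat <<'EOF'
Name                      Type  Configured  Runtime  Default  Description
------------------------  ----  ----------  -------  -------  -----------
hyperthreadingMitigation  Bool  TRUE        FALSE    FALSE    (description text)
EOF
}

# On an ESXi host, read the live value; elsewhere, fall back to the sample.
if command -v esxcli >/dev/null 2>&1; then
    state=$(esxcli system settings kernel list -o hyperthreadingMitigation \
            | ht_mitigation_state)
else
    state=$(sample_after_set | ht_mitigation_state)
fi
echo "hyperthreadingMitigation: $state"
```

A result of `reboot-pending` means the value was saved but the host is still running without the mitigation.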
And that’s it.
Check out the link below for reference – thanks and cheers!
https://www.vmware.com/security/advisories/VMSA-2018-0020.html