VMware fixes 2 data corruption bugs and VM to Host escape vulnerability!

The last couple of weeks were definitely busy for the VMware developers.

Not only did they release vSphere 6.7 U1.

They were also busy fixing two critical data corruption bugs:

  • when running VM snapshots on VMFS
  • after disk extends using vSAN 6.6 and later

Another important fix addresses a possible VM escape when using vmxnet3 network adapters.

Data Corruption

Virtual Machines running on an SEsparse snapshot may report guest data inconsistencies

This issue is described in VMware KB59216 and affects versions since ESXi 5.5, where SEsparse snapshots were introduced.

It therefore affects everybody running VMFS6, and those with disks bigger than 2TB running on VMFS5.

It can be prevented by disabling “IO coalescing” for SEsparse.

Virtual Machines running on VMware vSAN 6.6 and later report guest data consistency concerns following a disk extend operation

“The sequence of the following operations might cause the issue:

  1. vSAN initiates resynchronization to maintain data availability.
  2. You expand a virtual machine disk (VMDK).
  3. vSAN initiates another resync after the VMDK expansion.

The fix in this release prevents further data inconsistencies, but does not recover data.”

https://kb.vmware.com/s/article/58855

I want you to be especially careful with this one and to read VMware KB58715 carefully.
It recommends a special procedure, which includes contacting VMware support first; this may help you identify affected VMs.

It also gives instructions for working around the issue by disabling ClomEnableInplaceExpansion until you manage to update your vSAN clusters.

Virtual Machine to Host Escape!

Good thing it was patched so quickly after the demonstration. It affects only ESXi users using vmxnet3 virtual network adapters, including VMware Workstation and Fusion users.

This was demonstrated at GeekPwn2018 by security researcher “f1yyy” of Chaitin Tech.
Apparently they were the first in the world to publicly demonstrate a root shell on the host from a virtual machine.

VMware published advisory VMSA-2018-0027:

ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.

All of these critical bugs are fixed already. So let's plan for patching! I hope your data is safe!

About Dusan Tekeljak

With over 12 years of experience in the Virtualization field, currently working as a Senior Consultant for Evoila, contracted to VMware PSO, helping customers with Telco Cloud Platform bundle. Previous roles include VMware Architect for Public Cloud services at Etisalat and Senior Architect for the VMware platform at the largest retail bank in Slovakia. Background in closely related technologies includes server operating systems, networking, and storage. A former member of the VMware Center of Excellence at IBM and co-author of several Redpapers. The main scope of work involves designing and optimizing the performance of business-critical virtualized solutions on vSphere, including, but not limited to, Oracle WebLogic, MSSQL, and others. Holding several industry-leading IT certifications such as VCAP-DCD, VCAP-DCA, VCAP-NV, and MCITP. Honored with #vExpert2015-2019 awards by VMware for contributions to the community. Opinions are my own!