The last couple of weeks were definitely busy for the VMware developers.
Not only did they release vSphere 6.7 U1, they were also busy fixing two critical data corruption bugs:
- when running VM snapshots on VMFS
- after disk extends using vSAN 6.6 and later
Another important fix addresses a possible VM escape when using vmxnet3 network adapters.
Data Corruption
Virtual Machines running on an SEsparse snapshot may report guest data inconsistencies
This issue is described in VMware KB59216 and affects versions since ESXi 5.5, where SEsparse snapshots were introduced.
That means everybody running VMFS6, and those running disks bigger than 2TB on VMFS5.
It can be prevented by disabling “IO coalescing” for SEsparse.
Virtual Machines running on VMware vSAN 6.6 and later report guest data consistency concerns following a disk extend operation
“The sequence of the following operations might cause the issue:
- vSAN initiates resynchronization to maintain data availability.
- You expand a virtual machine disk (VMDK).
- vSAN initiates another resync after the VMDK expansion.
The fix in this release prevents further data inconsistencies, but does not recover data.”
I want you to be especially careful with this one and to read VMware KB58715 carefully.
A special procedure is recommended, which includes contacting VMware support first; this may help you identify affected VMs.
The KB also has instructions for working around the issue by disabling ClomEnableInplaceExpansion until you manage to update your vSAN clusters.
Virtual Machine to Host Escape!
Good thing it was patched so quickly after the demonstration. It affects only those using vmxnet3 virtual network adapters, on ESXi as well as on VMware Workstation and Fusion.
This was demonstrated at GeekPwn2018 by security researcher “f1yyy” of Chaitin Tech.
Apparently they were the first in the world to publicly demonstrate a root shell on the host from a virtual machine.
#GeekPwn2018 Chaitin Tech security researcher f1yyy has escaped VMware ESXi and got root shell on the host for the first time in the world. After demonstrating it at GeekPwn 2018, f1yyy received the Best of Tech Award and was selected to the GeekPwn Hall of Fame. @GeekPwn pic.twitter.com/2Y2kYKaw4d
— Chaitin Tech (@ChaitinTech) October 31, 2018
VMware published advisory VMSA-2018-0027:
ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
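To scope exposure to VMSA-2018-0027 while planning the patch window, the following added example (not from the original post or from VMware) parses .vmx configuration text and lists the VMs that have a present vmxnet3 adapter. The sample .vmx contents, VM names and function names are constructed for illustration; the `ethernetN.present` and `ethernetN.virtualDev` keys are the standard .vmx adapter settings.

```python
import re

# Constructed .vmx contents for illustration (not from any real VM).
SAMPLE_VMX = {
    "web01.vmx": 'displayName = "web01"\n'
                 'ethernet0.present = "TRUE"\n'
                 'ethernet0.virtualDev = "vmxnet3"\n'
                 'ethernet1.present = "TRUE"\n'
                 'ethernet1.virtualDev = "e1000"\n',
    "db01.vmx": 'displayName = "db01"\n'
                'ethernet0.present = "TRUE"\n'
                'ethernet0.virtualDev = "e1000e"\n',
    # Adapter removed, but its device-type line was left behind.
    "old01.vmx": 'displayName = "old01"\n'
                 'ethernet0.present = "FALSE"\n'
                 'ethernet0.virtualDev = "VMXNET3"\n',
}

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
NIC = re.compile(r'^ethernet(\d+)\.(present|virtualdev)$')

def parse_vmx(text):
    """Return a dict of lower-cased keys to values from key = "value" lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def vmxnet3_adapters(text):
    """List the ethernetN indexes that are present and of type vmxnet3."""
    nics = {}
    for key, value in parse_vmx(text).items():
        m = NIC.match(key)
        if m:
            nics.setdefault(int(m.group(1)), {})[m.group(2)] = value.lower()
    return sorted(i for i, n in nics.items()
                  if n.get("present") == "true" and n.get("virtualdev") == "vmxnet3")

def exposed_vms(vmx_files):
    """Map display name -> vmxnet3 adapter indexes, for VMs that have any."""
    report = {}
    for path, text in vmx_files.items():
        hits = vmxnet3_adapters(text)
        if hits:
            report[parse_vmx(text).get("displayname", path)] = hits
    return report

if __name__ == "__main__":
    print(exposed_vms(SAMPLE_VMX))
```

To run it against real configurations, fill the dictionary from the .vmx files on your datastores instead of `SAMPLE_VMX`.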
All of these critical bugs are fixed already. So let's plan for patching! I hope your data is safe!
Latest posts by Dusan Tekeljak (see all)