VMWare CVE-2018-3646 Mitigation

Enable ESXi Side-Channel-Aware Scheduler Version 2 (SCAv2) using ESXCLI
  1. SSH to an ESXi host or open a console where the remote ESXCLI is installed
  2. Check the current runtime values by running:
    • esxcli system settings kernel list -o hyperthreadingMitigation and esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
  3. To enable the ESXi Side-Channel-Aware Scheduler Version 1 run these commands:
    • esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
    • esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE
  4. Reboot the ESXi host for the configuration change to go into effect:
    • Default Method:
      • Get List of running VMs: esxcli vm process list
      • Kill VMs: esxcli vm process kill -type=[soft|hard|force] -world-id=[worldid]
    • Alternative method:
      • List all vms: vim-cmd vmsvc/getallvms
      • vim-cmd vmsvc/power.shutdown [vmid]
      • reboot -d 300 -f

Leave a Reply

Your email address will not be published. Required fields are marked *