Posted On December 23, 2020

VMWare CVE-2018-3646 Mitigation

kimconnect 0 comments
blog.KimConnect.com >> Virtualization , Windows >> VMWare CVE-2018-3646 Mitigation
December 23, 2020December 23, 2020 kimconnectkimconnect 0 Comments
Enable ESXi Side-Channel-Aware Scheduler Version 2 (SCAv2) using ESXCLI
  1. SSH to an ESXi host or open a console where the remote ESXCLI is installed
  2. Check the current runtime values by running:
    • esxcli system settings kernel list -o hyperthreadingMitigation and esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
  3. To enable the ESXi Side-Channel-Aware Scheduler Version 1 run these commands:
    • esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
    • esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE
  4. Reboot the ESXi host for the configuration change to go into effect:
    • Default Method:
      • Get List of running VMs: esxcli vm process list
      • Kill VMs: esxcli vm process kill -type=[soft|hard|force] -world-id=[worldid]
    • Alternative method:
      • List all vms: vim-cmd vmsvc/getallvms
      • vim-cmd vmsvc/power.shutdown [vmid]
      • reboot -d 300 -f
Categories:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Post Image

Read More

Kubernetes Broken Due To Unknown Reasons

Problem 1: Admin User Unable to Login to Cluster via Controller (Master Node) # SSL…
Post Image

Read More

Quick 1-liner: Elevated command to access control panel items

runas /user:{domainname}\{username} "control appwiz.cpl"
Post Image

Read More

PowerShell: Mapping and Unmapping Network Drives

How to Map Network Drive using Dot Net Framework $driveLetter='T' $smbPath='\\FILESERVER\SHARENAME' $username='DOMAIN\USERNAME' $password='PASSWORD' $networkDrivesObject =…