VMware urges emergency action to blunt hypervisor flaws

Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like. In a security advisory the Broadcom business unit warned of four flaws. The nastiest two – CVE- …

  1. Mishak Silver badge

    Remove USB devices

    Great, but what about those of us that need to use USB passthrough*? Is there going to be a "real" fix rolled out at some point?

    * For example, I run some PC only software that uses USB hardware interfaces (CAN and the like) in a VM on Fusion.

    1. Yorick Hunt Silver badge

      Re: Remove USB devices

      Does anyone other than you have access to the VM? If not, you've nothing to worry about.

      1. Ace2 Silver badge

        Re: Remove USB devices

        Well, in my case the VM is running Windows, so…

    2. phils

      Re: Remove USB devices

      The real fix is to install the patches, the workaround is for those who can't update for some reason.

      1. Mishak Silver badge

        Re: Remove USB devices

        I've not been "offered" any updates for my Fusion V12.

        1. Anonymous Coward

          Re: Remove USB devices

          12.x went out of support on 31/3/23 according to their lifecycle matrix: https://lifecycle.vmware.com/#/?advancedFilter=checkbox_unsup

          More just for general knowledge in case anyone else stumbles across this post looking for a fix, not realising the version is EoL.

  2. Jim Willsher

    Updated my two ESXi hosts this morning. They are standalone, so I normally do esxcli software profile update etc. However this resulted in MemoryError.

    Found a blog by the legendary William Lam:

    https://williamlam.com/2024/03/quick-tip-using-esxcli-to-upgrade-esxi-8-x-throws-memoryerror-or-got-no-data-from-process.html

    Solution is to download the offline bundle and store in repo, then update from there

    esxcli software profile update -p ESXi-8.0U2b-23305546-standard -d /vmfs/volumes/NUC3Primary/ISO/VMware-ESXi-8.0U2b-23305546-depot.zip

    Posting this just in case this helps anyone else.

    1. Anonymous Coward

      Thanks for the heads up

      Seems like Broadcom is happily continuing the recent tradition of failing to QC the updater and patches, then telling its users to suck it up and use the command line to apply all updates if they want them to actually work.

      This reminds me of the years that the GUI based update would fail to check if the account that ran the patch was locked due to an expired password and would crash out gracelessly part way through and install that it never should have started. Also as a bonus they quietly set expiration to 90 days without prompting the admin in one of the updates, and you would have to command line in to fix it because the GUI literally wouldn't let you set a new password once it expired.

      Here's to greener pastures under HyperV or one of the 'NIX hypervisors.

  3. Tom Chiverton 1

    Nice on-prem virtualization you 'ave there.

    Be a shame if anything were to happen to it.

    Did we mention our Cloud?

    1. 43300

      Their problem is that if they push organisations towards cloudy offerings, in most cases that's going to mean somebody else's cloudy offerings!

    2. DougMac

      No more cloud..

      > Did we mention our Cloud?

      VMware/Broadcom dropped all vSphere+ offerings as part of their "simplification", so they don't run their own cloud any longer.

  4. Nate Amsden

    not too bad

    I can think of only a couple of times in the past 15 years my ESXi systems needed a VM with a USB controller. And for Workstation, I do use USB passthrough (on one VM) on that but not really concerned, if there is undetected malicious code there I have bigger things to worry about than VM escaping. I don't know why by default VMware assigns a USB controller to new Windows systems in ESXi, I always remove it, never needed it.

    Also on my Linux systems I disable the framebuffer (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-15D965F3-05E3-4E59-9F08-B305FDE672DD.html) to prevent any repeat exploits of that happening. On Windows it's less useful without a framebuffer (assuming it's possible to have a functioning system at all with it disabled, not sure) so I leave it on of course but they make up a tiny fraction of the overall VMs in my environment.

    That said, haven't had any known/detected malicious code on my systems since the [STONED] virus in the early 90s (excluding some seemingly harmless bad things detected by virus scanners on game key generators and stuff in the late 90s).

  5. ecarlseen

    Installing unnecessary virtual hardware by default has always been a problem.

    As that weird person who actually goes through unchecking every unneeded option on installs I got to snicker when guest-host escapes were occurring due to virtual floppy drives that virtually nobody used but were installed by default. I'll be doing the same thing here.
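
The habit described in the comments above (removing USB controllers, floppy drives and other unneeded virtual hardware) can be checked across many VMs. The following is an added example, not part of any commenter's post: a POSIX shell function that lists .vmx files in which a USB controller or floppy drive is still enabled. The function names and the sample .vmx files are constructed for illustration.

```shell
#!/bin/sh
# Audit .vmx files for enabled virtual USB controllers and floppy drives.
# Standard .vmx keys checked:
#   usb.present, ehci.present, usb_xhci.present -> USB 1.1 / 2.0 / 3.x controllers
#   floppyN.present                             -> virtual floppy drives

# audit_vmx DIR: print "<vmx path>: <key>" for every such key set to "TRUE".
audit_vmx() {
    find "$1" -type f -name '*.vmx' | sort | while IFS= read -r vmx; do
        # Case-insensitive match; tolerate spacing around "=".
        grep -iE '^[[:space:]]*(usb|ehci|usb_xhci|floppy[0-9]+)\.present[[:space:]]*=[[:space:]]*"true"' "$vmx" |
        sed 's/^[[:space:]]*//; s/[[:space:]]*=.*$//' |
        while IFS= read -r key; do
            printf '%s: %s\n' "$vmx" "$key"
        done
    done
}

# make_sample DIR: write two constructed .vmx files (not from a real host).
make_sample() {
    mkdir -p "$1/win10" "$1/linux01"
    cat > "$1/win10/win10.vmx" <<'EOF'
displayName = "win10"
usb.present = "TRUE"
ehci.present = "TRUE"
usb_xhci.present = "TRUE"
floppy0.present = "FALSE"
EOF
    cat > "$1/linux01/linux01.vmx" <<'EOF'
displayName = "linux01"
usb.present = "FALSE"
floppy0.present = "TRUE"
EOF
}

# Demo run against the constructed sample; point audit_vmx at a real
# datastore directory (for example under /vmfs/volumes) to audit a host.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_vmx "$demo_dir"
rm -rf "$demo_dir"
```

Each reported key is a device to review and remove from the VM's configuration if the guest does not need it.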

  6. Michael Hoffmann Silver badge

    I'm screwed

    My ESXi whitebox is locked to 6.7U1, last one to support my old hardware.

    That said, it's not routed to the Internet, but the VMnet is of course...

    That thing was supposed to run until the heat death of the universe. Or mine. Whichever comes first.

  7. Anonymous Coward

    Ethnicity required?

    Posting Anonymously, because my asbestos coat has been taken from me...

    I'm curious why it was felt necessary to mention the ethnicity of the team that located this issue. Surely computers don't care where you are from?

    Could this be the Americanization of the systematic distrust, or dislike of anything Chinese?

    1. diodesign (Written by Reg staff) Silver badge

      Re: Ethnicity required?

      It's just a data point, there's no ill-will from us at least. It is what it is.

      C.
