...
| Document Version | Release Date | Details |
| --- | --- | --- |
| 2 | April 1, 2022 | Updated Resolution, a patch is now available for ESXi 7.0. |
| 1 | January 31, 2022 | Original Document Release. |

CD-ROM device emulation in VMware ESXi exposes a heap-overflow vulnerability (CVE-2021-22045). The vulnerability is present in the VMware ESXi hypervisor. It does not exist in HPE SimpliVity OmniStack software.

References:
- VMware security advisory - VMSA-2022-0001
- VMware Knowledge Base - VMware KB87249
Impacted:
- VMware ESXi 6.5
- VMware ESXi 6.7
- VMware ESXi 7.0

Not Impacted:
- HPE SimpliVity OmniStack

Affected Environments: All HPE SimpliVity OmniStack deployments using ESXi 6.5, 6.7 & 7.0 on any of the following versions:
- 4.1.1 & 4.1.1U1
- 4.1.0 & 4.1.0U1
- 4.0.1 & 4.0.1U1
- 4.0.0
- 3.7.10/3.7.10A & 3.7.10U1
- 3.7.9
The security risk can be mitigated by following the VMware security advisory VMSA-2022-0001 and VMware KB87249, which advise applying the patches for 6.5, 6.7 and 7.0. In the absence of a patch, the vulnerability can be mitigated by applying the workaround suggested in VMware KB87249. In short, mitigate by applying either the available patch OR the workaround recommended in VMware KB87249.

| ESXi version | Fixed version | Build Number | Release date |
| --- | --- | --- | --- |
| 6.5 | 6.5 P07 | 18678235 | 12-October-2021 |
| 6.7 | 6.7 P06 | 18828794 | 23-November-2021 |
| 7.0 | 7.0 U3c | 19193800 | 27-January-2022 |

The proposed ESXi patches and workaround can be applied to the HPE SimpliVity OmniStack versions as described below. For more information on supportability, see the HPE SimpliVity OmniStack Interoperability guide for 4.1.1U1, when available.

- 4.1.1 & 4.1.1U1 - All patches if available excluding 6.5 P07 OR workaround.
- 4.1.0 & 4.1.0U1 - All patches if available OR workaround.
- 4.0.1 & 4.0.1U1 - All patches excluding 7.0 OR workaround.
- 4.0.0 - All patches excluding 7.0 OR workaround.
- 3.7.10U1 - All patches excluding 7.0 OR workaround.
- 3.7.10/3.7.10A - Adopt workaround as proposed patches are not supported.
- 3.7.9 - Adopt workaround as proposed patches are not supported.
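The fixed-build table and the per-OmniStack patch rules above can be combined into a fleet check. The following is an added example, not HPE or VMware code; it assumes each host's version banner is available in the form printed by `vmware -v`, and the host names, build numbers below the fixed builds, and result strings are constructed for illustration.

```python
import re

# Fixed builds from the advisory's table: ESXi line -> (patch, build number).
FIXED = {"6.5": ("6.5 P07", 18678235),
         "6.7": ("6.7 P06", 18828794),
         "7.0": ("7.0 U3c", 19193800)}

# ESXi lines whose patch the advisory allows per OmniStack version.
ALL, NO_70, NONE = {"6.5", "6.7", "7.0"}, {"6.5", "6.7"}, set()
PATCH_OK = {"4.1.1": {"6.7", "7.0"}, "4.1.1U1": {"6.7", "7.0"},  # excl. 6.5 P07
            "4.1.0": ALL, "4.1.0U1": ALL,
            "4.0.1": NO_70, "4.0.1U1": NO_70, "4.0.0": NO_70, "3.7.10U1": NO_70,
            "3.7.10": NONE, "3.7.10A": NONE, "3.7.9": NONE}       # workaround only

# Assumed input: the version banner a host prints for `vmware -v`.
BANNER = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")

def assess(banner, omnistack):
    """Return the action the advisory implies for one host."""
    m = BANNER.search(banner)
    if not m:
        return "unknown: unparsable banner"
    line, build = m.group(1), int(m.group(2))
    if line not in FIXED or omnistack not in PATCH_OK:
        return "unknown: not covered by the advisory"
    patch, fixed_build = FIXED[line]
    # Assumption: ESXi patches are cumulative, so a build at or above the
    # fixed build in the same release line contains the fix.
    if build >= fixed_build:
        return "fixed build installed"
    if line in PATCH_OK[omnistack]:
        return f"apply {patch} (build {fixed_build}) or KB87249 workaround"
    # A host in this state may already carry the workaround; the banner
    # cannot show that, so it must be confirmed on the host.
    return "apply KB87249 workaround (patch not supported on this OmniStack)"

# Constructed inventory: (host, banner, OmniStack version).
INVENTORY = [
    ("esx-a", "VMware ESXi 7.0.3 build-19193800", "4.1.1U1"),
    ("esx-b", "VMware ESXi 6.5.0 build-17000001", "4.1.1"),
    ("esx-c", "VMware ESXi 6.7.0 build-17000002", "4.0.0"),
    ("esx-d", "VMware ESXi 6.7.0 build-17000002", "3.7.9"),
]

if __name__ == "__main__":
    for host, banner, omni in INVENTORY:
        print(f"{host}: {assess(banner, omni)}")
```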