
VMware ESXi 6.5, Patch Release ESXi650-201903001

Release Date: March 28, 2019

Download Filename: ESXi650-201903001.zip

Build: 13004031

Download Size: 319.5 MB

md5sum: c7e0334d8592ca3f96c0b36e55534eef

sha1checksum: 6175d1c08258f46192bf265082c384c514ae264c

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi650-201903401-SG Security Critical

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.

Bulletin ID Category Severity
ESXi650-201903001 Security Critical

Image Profiles

VMware patch and update releases contain general and critical image profiles. The general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.5.0-20190304001-standard
ESXi-6.5.0-20190304001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.
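
A pre- and post-install check for the esxcli procedure above, as an added example (not VMware's code): it verifies the downloaded ZIP against the SHA-1 published on this page and flags VIBs still below the builds listed under VIBs Included. The datastore path, the sample listing, and the rule that the build number is the last dotted field of the version are assumptions.

```shell
#!/bin/sh
# Added example, not VMware code. Values below are copied from this page.
DEPOT_SHA1="6175d1c08258f46192bf265082c384c514ae264c"   # sha1checksum of ESXi650-201903001.zip
# Patched build per VIB, from the "VIBs Included" list (name=build).
PATCHED="esx-base=13004031 esx-tboot=13004031 vsan=12559347 vsanhealth=12559353"

# verify_depot FILE [SHA1]: succeed only if FILE hashes to the expected SHA-1.
# A missing or unreadable file fails closed.
verify_depot() {
    actual=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "${2:-$DEPOT_SHA1}" ]
}

# unpatched_vibs: read `esxcli software vib list` output on stdin and print one
# line per VIB that is absent or whose build number is below the patched build.
# Assumption: the build number is the last dot-separated field of the version.
unpatched_vibs() {
    awk -v want="$PATCHED" '
        BEGIN {
            n = split(want, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, "="); need[kv[1]] = kv[2] }
        }
        ($1 in need) {
            seen[$1] = 1
            k = split($2, f, ".")
            if (f[k] + 0 < need[$1] + 0) print $1, $2, "needs build", need[$1]
        }
        END {
            for (v in need) if (!(v in seen)) print v, "not-listed", "needs build", need[v]
        }'
}

# Constructed sample of `esxcli software vib list` output: esx-base is still at
# an older (made-up) build, the other three VIBs are at the patched level.
SAMPLE_VIB_LIST='Name        Version              Vendor  Acceptance Level  Install Date
----------  -------------------  ------  ----------------  ------------
esx-base    6.5.0-2.50.10000000  VMware  VMwareCertified   2018-11-01
esx-tboot   6.5.0-2.83.13004031  VMware  VMwareCertified   2019-04-02
vsan        6.5.0-2.83.12559347  VMware  VMwareCertified   2019-04-02
vsanhealth  6.5.0-2.83.12559353  VMware  VMwareCertified   2019-04-02'

# Typical use on the host (the datastore path is an assumption):
#   verify_depot /vmfs/volumes/datastore1/ESXi650-201903001.zip || exit 1
#   esxcli software vib update -d /vmfs/volumes/datastore1/ESXi650-201903001.zip
#   ...reboot, then confirm nothing is left behind:
#   esxcli software vib list | unpatched_vibs
```

An empty result from `unpatched_vibs` means all four VIBs are at or above the patched builds.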

Resolved Issues

The resolved issues are grouped as follows.

ESXi650-201903401-SG
Patch Category Security
Patch Severity Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-tboot_6.5.0-2.83.13004031
  • VMware_bootbank_vsan_6.5.0-2.83.12559347
  • VMware_bootbank_esx-base_6.5.0-2.83.13004031
  • VMware_bootbank_vsanhealth_6.5.0-2.83.12559353
PRs Fixed 2299142, 2312645
Related CVE numbers N/A

This patch updates the esx-base, esx-tboot, vsan and vsanhealth VIBs.

  • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.

  • Starting an ESXi host configured with a large memory size might fail with a purple diagnostic screen due to an xmap allocation failure

    The configuration of large memory nodes requires a large memory overhead mapped in xmap. Because xmap does not support memory buffers larger than 256 MB, the ESXi host might fail with a purple diagnostic screen and an error similar to:
    0:00:01:12.349 cpu0:1)@BlueScreen: MEM_ALLOC bora/vmkernel/main/memmap.c:4048
    0:00:01:12.356 cpu0:1)Code start: 0x418026000000 VMK uptime: 0:00:01:12.356
    0:00:01:12.363 cpu0:1)0x4100064274f0:[0x4180261726e1]+0x261726e1 stack: 0x7964647542203a47
    0:00:01:12.372 cpu0:1)0x4100064275a0:[0x4180261720a1]+0x261720a1 stack: 0x410006427600
    0:00:01:12.381 cpu0:1)0x410006427600:[0x418026172d36]+0x26172d36 stack: 0xfd000000000
    0:00:01:12.390 cpu0:1)0x410006427690:[0x4180261dcbc3]+0x261dcbc3 stack: 0x0
    0:00:01:12.398 cpu0:1)0x4100064276b0:[0x4180261f0076]+0x261f0076 stack: 0x8001003f
    0:00:01:12.406 cpu0:1)0x410006427770:[0x41802615947f]+0x2615947f stack: 0x0

    This issue is resolved in this release.

ESXi-6.5.0-20190304001-standard
Profile Name ESXi-6.5.0-20190304001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date March 28, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-tboot_6.5.0-2.83.13004031
  • VMware_bootbank_vsan_6.5.0-2.83.12559347
  • VMware_bootbank_esx-base_6.5.0-2.83.13004031
  • VMware_bootbank_vsanhealth_6.5.0-2.83.12559353
PRs Fixed 2299142, 2312645
Related CVE numbers N/A
  • This patch updates the following issues:
    • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.

    • Starting an ESXi host configured with a large memory size might fail with a purple diagnostic screen due to an xmap allocation failure

      The configuration of large memory nodes requires a large memory overhead mapped in xmap. Because xmap does not support memory buffers larger than 256 MB, the ESXi host might fail with a purple diagnostic screen and an error similar to:
      0:00:01:12.349 cpu0:1)@BlueScreen: MEM_ALLOC bora/vmkernel/main/memmap.c:4048
      0:00:01:12.356 cpu0:1)Code start: 0x418026000000 VMK uptime: 0:00:01:12.356
      0:00:01:12.363 cpu0:1)0x4100064274f0:[0x4180261726e1]+0x261726e1 stack: 0x7964647542203a47
      0:00:01:12.372 cpu0:1)0x4100064275a0:[0x4180261720a1]+0x261720a1 stack: 0x410006427600
      0:00:01:12.381 cpu0:1)0x410006427600:[0x418026172d36]+0x26172d36 stack: 0xfd000000000
      0:00:01:12.390 cpu0:1)0x410006427690:[0x4180261dcbc3]+0x261dcbc3 stack: 0x0
      0:00:01:12.398 cpu0:1)0x4100064276b0:[0x4180261f0076]+0x261f0076 stack: 0x8001003f
      0:00:01:12.406 cpu0:1)0x410006427770:[0x41802615947f]+0x2615947f stack: 0x0

      This issue is resolved in this release.

ESXi-6.5.0-20190304001-no-tools
Profile Name ESXi-6.5.0-20190304001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date March 28, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-tboot_6.5.0-2.83.13004031
  • VMware_bootbank_vsan_6.5.0-2.83.12559347
  • VMware_bootbank_esx-base_6.5.0-2.83.13004031
  • VMware_bootbank_vsanhealth_6.5.0-2.83.12559353
PRs Fixed 2299142, 2312645
Related CVE numbers N/A
  • This patch updates the following issues:
    • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.

    • Starting an ESXi host configured with a large memory size might fail with a purple diagnostic screen due to an xmap allocation failure

      The configuration of large memory nodes requires a large memory overhead mapped in xmap. Because xmap does not support memory buffers larger than 256 MB, the ESXi host might fail with a purple diagnostic screen and an error similar to:
      0:00:01:12.349 cpu0:1)@BlueScreen: MEM_ALLOC bora/vmkernel/main/memmap.c:4048
      0:00:01:12.356 cpu0:1)Code start: 0x418026000000 VMK uptime: 0:00:01:12.356
      0:00:01:12.363 cpu0:1)0x4100064274f0:[0x4180261726e1]+0x261726e1 stack: 0x7964647542203a47
      0:00:01:12.372 cpu0:1)0x4100064275a0:[0x4180261720a1]+0x261720a1 stack: 0x410006427600
      0:00:01:12.381 cpu0:1)0x410006427600:[0x418026172d36]+0x26172d36 stack: 0xfd000000000
      0:00:01:12.390 cpu0:1)0x410006427690:[0x4180261dcbc3]+0x261dcbc3 stack: 0x0
      0:00:01:12.398 cpu0:1)0x4100064276b0:[0x4180261f0076]+0x261f0076 stack: 0x8001003f
      0:00:01:12.406 cpu0:1)0x410006427770:[0x41802615947f]+0x2615947f stack: 0x0

      This issue is resolved in this release.