VMware ESXi 6.5, Patch Release ESXi650-201905001

Release Date: MAY 14, 2019

Download Filename:

ESXi650-201905001.zip

Build:

13635690

Download Size:

320.2 MB

md5sum:

c0cf400755b4e522d0fb70296331b9fc

sha1checksum:

b508f06195d1fc917d113289fced0785fb04e689

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID	Category	Severity
ESXi650-201905401-BG	Bugfix	Important
ESXi650-201905402-BG	Bugfix	Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.

Bulletin ID	Category	Severity
ESXi650-201905001	Bugfix	Important

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name

ESXi-6.5.0-20190504001-standard

ESXi-6.5.0-20190504001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi650-201905401-BG
ESXi650-201905402-BG
ESXi-6.5.0-20190504001-standard
ESXi-6.5.0-20190504001-no-tools

ESXi650-201905401-BG

Patch Category	Bugfix
Patch Severity	Important
Host Reboot Required	Yes
Virtual Machine Migration or Shutdown Required	Yes
Affected Hardware	N/A
Affected Software	N/A
VIBs Included	VMware_bootbank_vsan_6.5.0-2.88.13111446 VMware_bootbank_vsanhealth_6.5.0-2.88.13111447 VMware_bootbank_esx-base_6.5.0-2.88.13635690 VMware_bootbank_esx-tboot_6.5.0-2.88.13635690
PRs Fixed	N/A
Related CVE numbers	CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

This patch updates the esx-base, esx-tboot, vsan and vsanhealth VIBs to resolve the following issue:

ESXi 650-201905001 supports Hypervisor-Specific Mitigations and Hypervisor-Assisted Guest Mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities identified by CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. For more information, see VMware Security Advisory VMSA-2019-0008.

NOTE: At the time of this publication updated Sandy Bridge EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi.

ESXi650-201905402-BG

Patch Category	Bugfix
Patch Severity	Important
Host Reboot Required	Yes
Virtual Machine Migration or Shutdown Required	Yes
Affected Hardware	N/A
Affected Software	N/A
VIBs Included	VMware_bootbank_cpu-microcode_6.5.0-2.88.13635690
PRs Fixed	N/A
Related CVE numbers	CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

This patch updates the cpu-microcode VIB to resolve the following issue.

ESXi 650-201905001 supports Hypervisor-Specific Mitigations and Hypervisor-Assisted Guest Mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities identified by CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. For more information, see VMware Security Advisory VMSA-2019-0008.

NOTE: At the time of this publication updated Sandy Bridge EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi.

The cpu-microcode VIB includes the following Intel microcode:

Code Name	FMS	Plt ID	MCU Rev	MCU Date	Brand Names
Nehalem EP	0x106a5	0x03	0x0000001d	5/11/2018	Intel Xeon 35xx Series; Intel Xeon 55xx Series
Lynnfield	0x106e5	0x13	0x0000000a	5/8/2018	Intel Xeon 34xx Lynnfield Series
Clarkdale	0x20652	0x12	0x00000011	5/8/2018	Intel i3/i5 Clarkdale Series; Intel Xeon 34xx Clarkdale Series
Arrandale	0x20655	0x92	0x00000007	4/23/2018	Intel Core i7-620LE Processor
Sandy Bridge DT	0x206a7	0x12	0x0000002f	2/17/2019	Intel Xeon E3-1100 Series; Intel Xeon E3-1200 Series; Intel i7-2655-LE Series; Intel i3-2100 Series
Westmere EP	0x206c2	0x03	0x0000001f	5/8/2018	Intel Xeon 56xx Series; Intel Xeon 36xx Series
Sandy Bridge EP	0x206d7	0x6d	0x00000714	5/8/2018	Intel Pentium 1400 Series; Intel Xeon E5-1400 Series; Intel Xeon E5-1600 Series; Intel Xeon E5-2400 Series; Intel Xeon E5-2600 Series; Intel Xeon E5-4600 Series
Nehalem EX	0x206e6	0x04	0x0000000d	5/15/2018	Intel Xeon 65xx Series; Intel Xeon 75xx Series
Westmere EX	0x206f2	0x05	0x0000003b	5/16/2018	Intel Xeon E7-8800 Series; Intel Xeon E7-4800 Series; Intel Xeon E7-2800 Series
Ivy Bridge DT	0x306a9	0x12	0x00000021	2/13/2019	Intel i3-3200 Series; Intel i7-3500-LE/UE; Intel i7-3600-QE; Intel Xeon E3-1200-v2 Series; Intel Xeon E3-1100-C-v2 Series; Intel Pentium B925C
Haswell DT	0x306c3	0x32	0x00000027	2/26/2019	Intel Xeon E3-1200-v3 Series; Intel i7-4700-EQ Series; Intel i5-4500-TE Series; Intel i3-4300 Series
Ivy Bridge EP	0x306e4	0xed	0x0000042e	3/14/2019	Intel Xeon E5-4600-v2 Series; Intel Xeon E5-2600-v2 Series; Intel Xeon E5-2400-v2 Series; Intel Xeon E5-1600-v2 Series; Intel Xeon E5-1400-v2 Series
Ivy Bridge EX	0x306e7	0xed	0x00000715	3/14/2019	Intel Xeon E7-8800/4800/2800-v2 Series
Haswell EP	0x306f2	0x6f	0x00000043	3/1/2019	Intel Xeon E5-4600-v3 Series; Intel Xeon E5-2600-v3 Series; Intel Xeon E5-2400-v3 Series; Intel Xeon E5-1600-v3 Series; Intel Xeon E5-1400-v3 Series
Haswell EX	0x306f4	0x80	0x00000014	3/1/2019	Intel Xeon E7-8800/4800-v3 Series
Broadwell H	0x40671	0x22	0x00000020	3/7/2019	Intel Core i7-5700EQ; Intel Xeon E3-1200-v4 Series
Avoton	0x406d8	0x01	0x0000012a	1/4/2018	Intel Atom C2300 Series; Intel Atom C2500 Series; Intel Atom C2700 Series
Broadwell EP/EX	0x406f1	0xef	0x0b000036	3/2/2019	Intel Xeon E7-8800/4800-v4 Series; Intel Xeon E5-4600-v4 Series; Intel Xeon E5-2600-v4 Series; Intel Xeon E5-1600-v4 Series
Skylake SP	0x50654	0xb7	0x0200005e	4/2/2019	Intel Xeon Platinum 8100 Series; Intel Xeon Gold 6100/5100, Silver 4100, Bronze 3100 Series; Intel Xeon D-2100 Series; Intel Xeon D-1600 Series; Intel Xeon W-3100 Series; Intel Xeon W-2100 Series
Cascade Lake	0x50657	0xbf	0x05000021	2/27/2019	Intel Xeon Platinum 9200/8200 Series; Intel Xeon Gold 6200/5200; Intel Xeon Silver 4200/Bronze 3200; Intel Xeon W-3200
Broadwell DE	0x50662	0x10	0x0000001a	3/23/2019	Intel Xeon D-1500 Series
Broadwell DE	0x50663	0x10	0x07000017	3/23/2019	Intel Xeon D-1500 Series
Broadwell DE	0x50664	0x10	0x0f000015	3/23/2019	Intel Xeon D-1500 Series
Broadwell NS	0x50665	0x10	0x0e00000d	3/23/2019	Intel Xeon D-1600 Series
Skylake H/S	0x506e3	0x36	0x000000cc	4/1/2019	Intel Xeon E3-1500-v5 Series; Intel Xeon E3-1200-v5 Series
Denverton	0x506f1	0x01	0x0000002e	3/21/2019	Intel Atom C3000 Series
Kaby Lake H/S/X	0x906e9	0x2a	0x000000b4	4/1/2019	Intel Xeon E3-1200-v6 Series; Intel Xeon E3-1500-v6 Series
Coffee Lake H/S	0x906ea	0x22	0x000000b4	4/1/2019	Intel Xeon E-2100 Series
Coffee Lake H/S	0x906eb	0x02	0x000000b4	4/1/2019	Intel Xeon E-2100 Series
Coffee Lake H/S	0x906ec	0x22	0x000000ae	2/14/2019	Intel Xeon E-2100 Series
Coffee Lake Refresh	0x906ed	0x22	0x000000b8	3/17/2019	Intel Xeon E-2200 Series

ESXi-6.5.0-20190504001-standard

Profile Name	ESXi-6.5.0-20190504001-standard
Build	For build information, see the top of the page.
Vendor	VMware, Inc.
Release Date	May 14, 2019
Acceptance Level	PartnerSupported
Affected Hardware	N/A
Affected Software	N/A
Affected VIBs	VMware_bootbank_vsan_6.5.0-2.88.13111446 VMware_bootbank_vsanhealth_6.5.0-2.88.13111447 VMware_bootbank_esx-base_6.5.0-2.88.13635690 VMware_bootbank_esx-tboot_6.5.0-2.88.13635690 VMware_bootbank_cpu-microcode_6.5.0-2.88.13635690
PRs Fixed	N/A
Related CVE numbers	N/A

This patch updates the following issue:

ESXi 650-201905001 supports Hypervisor-Specific Mitigations and Hypervisor-Assisted Guest Mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities identified by CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. For more information, see VMware Security Advisory VMSA-2019-0008.

ESXi-6.5.0-20190504001-no-tools

Profile Name	ESXi-6.5.0-20190504001-no-tools
Build	For build information, see the top of the page.
Vendor	VMware, Inc.
Release Date	May 14, 2019
Acceptance Level	PartnerSupported
Affected Hardware	N/A
Affected Software	N/A
Affected VIBs	VMware_bootbank_vsan_6.5.0-2.88.13111446 VMware_bootbank_vsanhealth_6.5.0-2.88.13111447 VMware_bootbank_esx-base_6.5.0-2.88.13635690 VMware_bootbank_esx-tboot_6.5.0-2.88.13635690 VMware_bootbank_cpu-microcode_6.5.0-2.88.13635690
PRs Fixed	N/A
Related CVE numbers	N/A

This patch updates the following issue:

ESXi 650-201905001 supports Hypervisor-Specific Mitigations and Hypervisor-Assisted Guest Mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities identified by CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. For more information, see VMware Security Advisory VMSA-2019-0008.