This site will be decommissioned on December 31st 2024. After that date content will be available at techdocs.broadcom.com.

Release Date: 12 MAY , 2022

What's in the Release Notes

The release notes cover the following topics:

Build Details

Download Filename: ESXi650-202205001.zip
Build: 19588618
Download Size: 470.1 MB
md5sum: 3a84e769eb15812c1f1a16f5f40be729
sha256checksum: 793b7fae097a0cd3856cf60d3eb92adcfe05eadceca3689307bda35c6a82529e
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi650-202205401-BG Bugfix Important
ESXi650-202205402-BG Bugfix Important
ESXi650-202205101-SG Security Important
ESXi650-202205102-SG Security Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.

Bulletin ID Category Severity
ESXi650-202205001 Bugfix Important

IMPORTANT: For clusters using VMware vSAN, you must first upgrade the vCenter Server system. Upgrading only ESXi is not supported.
Before an upgrade, always verify in the VMware Product Interoperability Matrix compatible upgrade paths from earlier versions of ESXi, vCenter Server and vSAN to the current version.

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.5.0-20220504001-standard
ESXi-6.5.0-20220504001-no-tools
ESXi-6.5.0-20220501001s-standard
ESXi-6.5.0-20220501001s-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is by using the VMware vSphere Update Manager. For details, see About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from VMware Customer Connect. Navigate to Products and Accounts > Product Patches. From the Select a Product drop-down menu, select ESXi (Embedded and Installable) and from the Select a Version drop-down menu, select 6.5.0. Install VIBs by using the esxcli software vib update command. Additionally, the system can be updated by using the image profile and the esxcli software profile update command. For more information, see vSphere Command-Line Interface Concepts and Examples and vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi650-202205401-BG
Patch Category Bugfix
Patch Severity Important
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-base_6.5.0-3.184.19588618
  • VMware_bootbank_vsanhealth_6.5.0-3.184.19585071
  • VMware_bootbank_esx-tboot_6.5.0-3.184.19588618
  • VMware_bootbank_vsan_6.5.0-3.184.19585070
PRs Fixed  2781237, 2901023, 2915263
Related CVE numbers N/A

This patch updates esx-baseesx-tboot, vsan, and vsanhealth VIBs to resolve the following issues:

  • PR 2901023: ESXi hosts might fail with a purple diagnostic screen when I/O operations run on a software iSCSI adapter

    I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

    This issue is resolved in this release.

  • PR 2915263: If you enable SNMP on a HPE Gen10 ESXi host, you might see redundant SNMP traps

    If you enable SNMP on a HPE Gen10 ESXi host, you might see SNMP traps to hardware components without an actual hardware fault.

    This issue is resolved in this release. The fix provides a local variable to hold sensor addresses instead of a global variable that has no lock protection.

  • PR 2781237: The sfcb service becomes unresponsive as soon as it starts up

    In rare cases, due to an occasional deadlock in the start up of the sfcb service, some providers might not start up properly. As a result, the sfcb service becomes unresponsive and CIM queries cannot be processed.

    This issue is resolved in this release. 

ESXi650-202205402-BG
Patch Category Bugfix
Patch Severity Important
Host Reboot Required No
Virtual Machine Migration or Shutdown Required No
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-xserver_6.5.0-3.184.19588618
PRs Fixed  N/A
Related CVE numbers N/A

This patch updates the esx-xserver VIB.

    ESXi650-202205101-SG
    Patch Category Security
    Patch Severity Important
    Host Reboot Required Yes
    Virtual Machine Migration or Shutdown Required Yes
    Affected Hardware N/A
    Affected Software N/A
    VIBs Included
    • VMware_bootbank_vsan_6.5.0-3.180.19360877
    • VMware_bootbank_vsanhealth_6.5.0-3.180.19360878
    • VMware_bootbank_esx-base_6.5.0-3.180.19581852
    • VMware_bootbank_esx-tboot_6.5.0-3.180.19581852
    PRs Fixed  2912296, 2912304, 2912306, 2912309, 2920289, 2921089, 2930023, 2936558, 2942529
    Related CVE numbers CVE-2017-9765, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386, CVE-2004-0230, CVE-2020-7451, CVE-2015-2923, CVE-2015-5358, CVE-2013-3077, CVE-2015-1414, CVE-2018-6918, CVE-2020-7469, CVE-2019-5611, CVE-2020-7457, CVE-2018-6916, CVE-2019-5608

    This patch esx-base, esx-tboot, vsan and vsanhealth VIBs to resolve the following issues:

    • ESXi650-202205001 delivers the following security updates:
      • The gSOAP is updated to resolve CVE-2017-9765.
      • The Expat XML parser is updated to version 2.4.7.
      • The OpenSSL library is updated to version 1.0.2zd.
      • cURL is updated to version 7.81.0.
      • The SQLite database is updated to version 3.37.2.
      • The Busybox package is updated to address the following CVEs: CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, and CVE-2021-42386.
      • This release resolves CVE-2004-0230. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 3.7.
      • This release resolves CVE-2020-7451. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3.
      • This release resolves CVE-2015-2923. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2015-5358. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2013-3077. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.0.
      • This release resolves CVE-2015-1414. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.  
      • This release resolves CVE-2018-6918. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2020-7469. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2019-5611. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5
      • This release resolves CVE-2020-7457. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.8
      • This release resolves CVE-2018-6916. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
      • This release resolves CVE-2019-5608. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
    ESXi650-202205102-SG
    Patch Category Security
    Patch Severity Important
    Host Reboot Required No
    Virtual Machine Migration or Shutdown Required No
    Affected Hardware N/A
    Affected Software N/A
    VIBs Included
    • VMware_locker_tools-light_6.5.0-3.180.19581852
    PRs Fixed  2917100
    Related CVE numbers N/A

    This patch updates the tools-light ​VIB.

    • The following VMware Tools ISO images are bundled with ESXi 650-202204001:

      • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
      • linux.iso: VMware Tools 10.3.24 ISO image for Linux OS with glibc 2.11 or later.

      The following VMware Tools ISO images are available for download:

      • VMware Tools 10.0.12:
        • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
        • linuxPreGLibc25.iso: for Linux OS with a glibc version less than 2.5.
           
      • VMware Tools 11.0.6:
        • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
           
      • solaris.iso: VMware Tools image 10.3.10 for Solaris.
      • darwin.iso: Supports Mac OS X versions 10.11 and later.

      Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

    ESXi-6.5.0-20220504001-standard
    Profile Name ESXi-6.5.0-20220504001-standard
    Build For build information, see the top of the page.
    Vendor VMware, Inc.
    Release Date May 12, 2022
    Acceptance Level PartnerSupported
    Affected Hardware N/A
    Affected Software N/A
    Affected VIBs
    • VMware_bootbank_esx-base_6.5.0-3.184.19588618
    • VMware_bootbank_vsanhealth_6.5.0-3.184.19585071
    • VMware_bootbank_esx-tboot_6.5.0-3.184.19588618
    • VMware_bootbank_vsan_6.5.0-3.184.19585070
    • VMware_bootbank_esx-xserver_6.5.0-3.184.19588618
    PRs Fixed 2781237, 2901023, 2915263
    Related CVE numbers N/A
    • This patch resolves the following issues:
      • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

      • If you enable SNMP on a HPE Gen10 ESXi host, you might see SNMP traps to hardware components without an actual hardware fault.

      • In rare cases, due to an occasional deadlock in the start up of the sfcb service, some providers might not start up properly. As a result, the sfcb service becomes unresponsive and CIM queries cannot be processed.

    ESXi-6.5.0-20220504001-no-tools
    Profile Name ESXi-6.5.0-20220504001-no-tools
    Build For build information, see the top of the page.
    Vendor VMware, Inc.
    Release Date May 12, 2022
    Acceptance Level PartnerSupported
    Affected Hardware N/A
    Affected Software N/A
    Affected VIBs
    • VMware_bootbank_esx-base_6.5.0-3.184.19588618
    • VMware_bootbank_vsanhealth_6.5.0-3.184.19585071
    • VMware_bootbank_esx-tboot_6.5.0-3.184.19588618
    • VMware_bootbank_vsan_6.5.0-3.184.19585070
    • VMware_bootbank_esx-xserver_6.5.0-3.184.19588618
    PRs Fixed 2781237, 2901023, 2915263
    Related CVE numbers N/A
    • This patch resolves the following issues:
      • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

      • If you enable SNMP on a HPE Gen10 ESXi host, you might see SNMP traps to hardware components without an actual hardware fault.

      • In rare cases, due to an occasional deadlock in the start up of the sfcb service, some providers might not start up properly. As a result, the sfcb service becomes unresponsive and CIM queries cannot be processed.

    ESXi-6.5.0-20220501001s-standard
    Profile Name ESXi-6.5.0-20220501001s-standard
    Build For build information, see the top of the page.
    Vendor VMware, Inc.
    Release Date May 12, 2022
    Acceptance Level PartnerSupported
    Affected Hardware N/A
    Affected Software N/A
    Affected VIBs
    • VMware_bootbank_vsan_6.5.0-3.180.19360877
    • VMware_bootbank_vsanhealth_6.5.0-3.180.19360878
    • VMware_bootbank_esx-base_6.5.0-3.180.19581852
    • VMware_bootbank_esx-tboot_6.5.0-3.180.19581852
    • VMware_locker_tools-light_6.5.0-3.180.19581852
    PRs Fixed 2912296, 2912304, 2912306, 2912309, 2920289, 2921089, 2930023, 2936558, 2942529
    Related CVE numbers CVE-2017-9765, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386, CVE-2004-0230, CVE-2020-7451, CVE-2015-2923, CVE-2015-5358, CVE-2013-3077, CVE-2015-1414, CVE-2018-6918, CVE-2020-7469, CVE-2019-5611, CVE-2020-7457, CVE-2018-6916, CVE-2019-5608
    • This patch resolves the following issues: 
      • The gSOAP is updated to resolve CVE-2017-9765.
      • The Expat XML parser is updated to version 2.4.7.
      • The OpenSSL library is updated to version 1.0.2zd.
      • cURL is updated to version 7.81.0.
      • The SQLite database is updated to version 3.37.2.
      • The Busybox package is updated to address the following CVEs: CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, and CVE-2021-42386.
      • This release resolves CVE-2004-0230. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 3.7.
      • This release resolves CVE-2020-7451. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3.
      • This release resolves CVE-2015-2923. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2015-5358. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2013-3077. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.0.
      • This release resolves CVE-2015-1414. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.  
      • This release resolves CVE-2018-6918. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2020-7469. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2019-5611. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5
      • This release resolves CVE-2020-7457. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.8
      • This release resolves CVE-2018-6916. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
      • This release resolves CVE-2019-5608. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
      • The following VMware Tools ISO images are bundled with ESXi 650-202204001:

        • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
        • linux.iso: VMware Tools 10.3.24 ISO image for Linux OS with glibc 2.11 or later.

        The following VMware Tools ISO images are available for download:

        • VMware Tools 10.0.12:
          • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
          • linuxPreGLibc25.iso: for Linux OS with a glibc version less than 2.5.
             
        • VMware Tools 11.0.6:
          • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
             
        • solaris.iso: VMware Tools image 10.3.10 for Solaris.
        • darwin.iso: Supports Mac OS X versions 10.11 and later.

        Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

    ESXi-6.5.0-20220501001s-no-tools
    Profile Name ESXi-6.5.0-20220501001s-no-tools
    Build For build information, see the top of the page.
    Vendor VMware, Inc.
    Release Date May 12, 2022
    Acceptance Level PartnerSupported
    Affected Hardware N/A
    Affected Software N/A
    Affected VIBs
    • VMware_bootbank_vsan_6.5.0-3.180.19360877
    • VMware_bootbank_vsanhealth_6.5.0-3.180.19360878
    • VMware_bootbank_esx-base_6.5.0-3.180.19581852
    • VMware_bootbank_esx-tboot_6.5.0-3.180.19581852
    PRs Fixed 2912296, 2912304, 2912306, 2912309, 2920289, 2921089, 2930023, 2936558, 2942529
    Related CVE numbers CVE-2017-9765, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386, CVE-2004-0230, CVE-2020-7451, CVE-2015-2923, CVE-2015-5358, CVE-2013-3077, CVE-2015-1414, CVE-2018-6918, CVE-2020-7469, CVE-2019-5611, CVE-2020-7457, CVE-2018-6916, CVE-2019-5608
    • This patch resolves the following issues: 
      • The gSOAP is updated to resolve CVE-2017-9765.
      • The Expat XML parser is updated to version 2.4.7.
      • The OpenSSL library is updated to version 1.0.2zd.
      • cURL is updated to version 7.81.0.
      • The SQLite database is updated to version 3.37.2.
      • The Busybox package is updated to address the following CVEs: CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, and CVE-2021-42386.
      • This release resolves CVE-2004-0230. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 3.7.
      • This release resolves CVE-2020-7451. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3.
      • This release resolves CVE-2015-2923. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2015-5358. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.5.
      • This release resolves CVE-2013-3077. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.0.
      • This release resolves CVE-2015-1414. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.  
      • This release resolves CVE-2018-6918. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2020-7469. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
      • This release resolves CVE-2019-5611. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5
      • This release resolves CVE-2020-7457. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.8
      • This release resolves CVE-2018-6916. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
      • This release resolves CVE-2019-5608. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.1.
      • The following VMware Tools ISO images are bundled with ESXi 650-202204001:

        • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
        • linux.iso: VMware Tools 10.3.24 ISO image for Linux OS with glibc 2.11 or later.

        The following VMware Tools ISO images are available for download:

        • VMware Tools 10.0.12:
          • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
          • linuxPreGLibc25.iso: for Linux OS with a glibc version less than 2.5.
             
        • VMware Tools 11.0.6:
          • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
             
        • solaris.iso: VMware Tools image 10.3.10 for Solaris.
        • darwin.iso: Supports Mac OS X versions 10.11 and later.

        Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

    Known Issues from Previous Releases

    To view a list of previous known issues, click here.

    check-circle-line exclamation-circle-line close-line
    Scroll to top icon