ESXi 7.0 Update 1b | NOV 19 2020 | ISO Build 17168206

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Earlier Releases of ESXi 7.0

Features, resolved and known issues of ESXi are described in the release notes for each release. Release notes for earlier releases of ESXi 7.0 are:

For internationalization, compatibility, and open source components, see the VMware vSphere 7.0 Release Notes.

Patches Contained in This Release

This release of ESXi 7.0 Update 1b delivers the following patches:

Build Details

Download Filename: VMware-ESXi-7.0U1b-17168206-depot
Build: 17168206
Download Size: 360.6 MB
md5sum: f6651dba2cf3e28f639b45068760f286
sha1checksum: 1fa79325cefa5730f1fa6f6e8a958b499051d81a
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Components

Component Bulletin Category Severity
ESXi ESXi_7.0.1-0.15.17168206 Security Critical
ESXi Install/Upgrade Component esx-update_7.0.1-0.15.17168206 Security Critical

IMPORTANT:

  • Starting with vSphere 7.0, VMware uses components for packaging VIBs along with bulletins. The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.
  • When patching ESXi hosts from a version prior to ESXi 7.0 Update 1 by using the VMware Update Manager, it is strongly recommended to use the rollup bulletin in the patch baseline. If you cannot use the rollup bulletin, be sure to include all of the following packages in the patching baseline. If the following packages are not included in the baseline, the update operation fails:

    • VMware-vmkusb_0.1-1vmw.701.0.0.16850804 or higher
    • VMware-vmkata_0.1-1vmw.701.0.0.16850804 or higher
    • VMware-vmkfcoe_1.0.0.2-1vmw.701.0.0.16850804 or higher
    • VMware-NVMeoF-RDMA_1.0.1.2-1vmw.701.0.0.16850804 or higher

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes after the initial release of ESXi 7.0.

Bulletin ID Category Severity
ESXi70U1b-17168206 Security Critical

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-7.0U1b-17168206-standard
ESXi-7.0U1b-17168206-no-tools

ESXi Image

Name and Version Release Date Category Detail
ESXi 7.0 U1b - 17168206 11/19/2020 Enhancement Security and Bugfix image

For information about the individual components and bulletins, see the Product Patches page and the Resolved Issues section.

Patch Download and Installation

In vSphere 7.x, the Update Manager plug-in, used for administering vSphere Update Manager, is replaced with the Lifecycle Manager plug-in. Administrative operations for vSphere Update Manager are still available under the Lifecycle Manager plug-in, along with new capabilities for vSphere Lifecycle Manager.
The typical way to apply patches to ESXi 7.x hosts is by using the vSphere Lifecycle Manager. For details, see About vSphere Lifecycle Manager and vSphere Lifecycle Manager Baselines and Images.
You can also update ESXi hosts without using the Lifecycle Manager plug-in, and use an image profile instead. To do this, you must manually download the patch offline bundle ZIP file from the VMware download page or the Product Patches page and use the esxcli software profile update command.
For more information, see the Upgrading Hosts by Using ESXCLI Commands and the VMware ESXi Upgrade guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi_7-0-1-0-15-17168206
Patch Category Security
Patch Severity Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_vdfs_7.0.1-0.15.17168206
  • VMware_bootbank_esx-base_7.0.1-0.15.17168206
  • VMware_bootbank_native-misc-drivers_7.0.1-0.15.17168206
  • VMware_bootbank_esx-xserver_7.0.1-0.15.17168206
  • VMware_bootbank_crx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.15.17168206
  • VMware_bootbank_cpu-microcode_7.0.1-0.15.17168206
  • VMware_bootbank_vsan_7.0.1-0.15.17168206
  • VMware_bootbank_gc_7.0.1-0.15.17168206
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.15.17168206
PRs Fixed  N/A

CVE numbers

CVE-2020-4004, CVE-2020-4005

The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.

This patch updates the vdfs, esx-base, native-misc-drivers, esx-xserver, crx, esx-dvfilter-generic-fastpath, cpu-microcode, vsan, gc, esx-ui, and vsanhealth VIBs to resolve the following issues:

  • VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine's VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.

  • VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026

esx-update_7.0.1-0.15.17168206
Patch Category Security
Patch Severity Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_loadesx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-update_7.0.1-0.15.17168206
PRs Fixed  N/A
CVE numbers CVE-2020-4004, CVE-2020-4005

The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.

Updates the loadesx and esx-update VIBs to resolve the following issues:

  • VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine's VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.

  • VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026

ESXi-7.0U1b-17168206-standard
Profile Name ESXi-7.0U1b-17168206-standard
Build For build information, see Patches Contained in this Release.
Vendor VMware, Inc.
Release Date November 19, 2020
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vdfs_7.0.1-0.15.17168206
  • VMware_bootbank_esx-base_7.0.1-0.15.17168206
  • VMware_bootbank_native-misc-drivers_7.0.1-0.15.17168206
  • VMware_bootbank_esx-xserver_7.0.1-0.15.17168206
  • VMware_bootbank_crx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.15.17168206
  • VMware_bootbank_cpu-microcode_7.0.1-0.15.17168206
  • VMware_bootbank_vsan_7.0.1-0.15.17168206
  • VMware_bootbank_gc_7.0.1-0.15.17168206
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.15.17168206
  • VMware_bootbank_loadesx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-update_7.0.1-0.15.17168206
PRs Fixed N/A
Related CVE numbers CVE-2020-4004, CVE-2020-4005

This patch updates the following issues:

  • VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine's VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.

  • VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026

ESXi-7.0U1b-17168206-no-tools
Profile Name ESXi-7.0U1b-17168206-no-tools
Build For build information, see Patches Contained in this Release.
Vendor VMware, Inc.
Release Date November 19, 2020
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vdfs_7.0.1-0.15.17168206
  • VMware_bootbank_esx-base_7.0.1-0.15.17168206
  • VMware_bootbank_native-misc-drivers_7.0.1-0.15.17168206
  • VMware_bootbank_esx-xserver_7.0.1-0.15.17168206
  • VMware_bootbank_crx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.15.17168206
  • VMware_bootbank_cpu-microcode_7.0.1-0.15.17168206
  • VMware_bootbank_vsan_7.0.1-0.15.17168206
  • VMware_bootbank_gc_7.0.1-0.15.17168206
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.15.17168206
  • VMware_bootbank_loadesx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-update_7.0.1-0.15.17168206
PRs Fixed N/A
Related CVE numbers CVE-2020-4004, CVE-2020-4005

This patch updates the following issues:

  • VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine's VMX process running on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4004 to this issue. For more information, see VMSA-2020-0026.

  • VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, might escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-4005 to this issue. For more information, see VMSA-2020-0026

ESXi Image - 7.0U1b - 17168206
Name ESXi
Version 7.0.1-0.15-17168206
Release Date November 19, 2020
Category Security
Affected Components​
  • VMware_bootbank_vdfs_7.0.1-0.15.17168206
  • VMware_bootbank_esx-base_7.0.1-0.15.17168206
  • VMware_bootbank_native-misc-drivers_7.0.1-0.15.17168206
  • VMware_bootbank_esx-xserver_7.0.1-0.15.17168206
  • VMware_bootbank_crx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.15.17168206
  • VMware_bootbank_cpu-microcode_7.0.1-0.15.17168206
  • VMware_bootbank_vsan_7.0.1-0.15.17168206
  • VMware_bootbank_gc_7.0.1-0.15.17168206
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.15.17168206
  • VMware_bootbank_loadesx_7.0.1-0.15.17168206
  • VMware_bootbank_esx-update_7.0.1-0.15.17168206
PRs Fixed  N/A
Related CVE numbers CVE-2020-4004, CVE-2020-4005

 

    Known Issues from Earlier Releases

    To view a list of previous known issues, click here.

    check-circle-line exclamation-circle-line close-line
    Scroll to top icon