June 2022: VMware Releases ESXi 6.7/7.0 Critical Patch Updates

Critical: VMware ESXi 6.7, Patch Release ESXi670-202206001 Release Date: JUN 14, 2022

2 years ago   •   26 min read

By CloudNerve™
Release Date: JUN 14, 2022 : Critical: VMware ESXi 6.7, Patch Release ESXi670-202206001
Table of contents

See VMware / Broadcom Notes/Links below for both ESXi 6.7 and 7.0 June 2022 Critical Security Update Releases:

Critical:  VMware ESXi 7.0 Update 3d Release Notes

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3d-release-notes.html

Critical:  VMware ESXi 6.7, Patch Release ESXi670-202206001

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202206001.html#esxi670-202206401-bg-resolved

What's in the Release Notes

This release includes mitigations for CVE-2022-21123, CVE-2022-21125, and CVE-2022-21166. For more information on these vulnerabilities including impacted product suites and release lines, please see: VMSA-2022-0016.

Build Details

Download Filename:ESXi670-202206001.zip
Build:19898906
Download Size:464.1 MB
md5sum:94166edbdb7c7dcf8aad98d0b1555f33
sha256checksum:e4d1a4ef289d9b94565e6b01255954fe258a2c0d7a93de9c195eb88fec1b4d4c
Host Reboot Required:Yes
Virtual Machine Migration or Shutdown Required:Yes

Bulletins

Bulletin IDCategorySeverity
ESXi670-202206401-BGBugfixCritical
ESXi670-202206402-BGBugfixImportant
ESXi670-202206101-SGSecurityImportant
ESXi670-202206102-SGSecurityImportant
ESXi670-202206103-SGSecurityImportant

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.

Bulletin IDCategorySeverity
ESXi670-202206001BugfixCritical

IMPORTANT: For clusters using VMware vSAN, you must first upgrade the vCenter Server system. Upgrading only the ESXi hosts is not supported.
Before an upgrade, always verify in the VMware Product Interoperability Matrix compatible upgrade paths from earlier versions of ESXi, vCenter Server and vSAN to the current version.

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.7.0-20220604001-standard
ESXi-6.7.0-20220604001-no-tools
ESXi-6.7.0-20220601001s-standard
ESXi-6.7.0-20220601001s-no-tools

For more information about the individual bulletins, see the Product Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is by using the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.
ESXi hosts can be updated by manually downloading the patch ZIP file from VMware Customer Connect. From the Select a Product drop-down menu, select ESXi (Embedded and Installable) and from the Select a Version drop-down menu, select 6.7.0. Install VIBs by using the esxcli software vib update command. Additionally, you can update the system by using the image profile and the esxcli software profile update command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi670-202206401-BG

Patch CategoryBugfix
Patch SeverityCritical
Host Reboot RequiredYes
Virtual Machine Migration or Shutdown RequiredYes
Affected HardwareN/A
Affected SoftwareN/A
VIBs Included
  • VMware_bootbank_esx-update_6.7.0-3.174.19898906
  • VMware_bootbank_vsanhealth_6.7.0-3.174.19586332
  • VMware_bootbank_vsan_6.7.0-3.174.19589650
  • VMware_bootbank_esx-base_6.7.0-3.174.19898906
PRs Fixed 2891724, 2966100, 2888739, 2919514, 2931457, 2916330, 2819598, 2931040, 2911524, 2911321, 2919813, 2905924, 2904032
CVE numbersN/A

Updates esx-base, esx-update, vsan, and vsanhealth VIBs to resolve the following issues:

  • PR 2891724:  You might see spikes in the latency performance metrics after a virtual machine disk snapshot is created

After you create a virtual machine disk snapshot, you might see latency spikes in the vSphere performance charts. Such unusual spikes are due to the recreation of some internal system objects and the restart of the latency performance counters in the storage subsystem.

This issue is resolved in this release. The fix prevents false latency alarms after virtual machine disk snapshots.

  • PR 2966100: Failed asynchronous tasks run by a VASA provider might cause the VMX or hostd services to fail as well

The response of certain asynchronous task run by a VASA provider, such as prepareToSnapshot and createVirtualVolume, might not return sufficient error details for the task in case of failure. As a result, the VMX or hostd services might fail intermittently with a core dump.

This issue is resolved in this release.

  • PR 2888739: You cannot create a host profile from an ESXi host that uses a hardware iSCSI adapter with pseudo NICs

If a hardware iSCSI adapter on an ESXi host in your environment uses pseudo NICs, you might not be able to create a host profile from such a host since pseudo NICs do not have the required PCI address and vendor name for a profile.

This issue is resolved in this release. For pseudo NICs, the fix removes the requirement for PCI address and PCI vendor name values.

  • PR 2919514: LUN trespasses might occur on Dell EMC Unity arrays upon shutdown or booting of ESXi 6.7 hosts

After a controlled shutdown or booting of any server in a cluster of ESXi servers attached to a Dell EMC Unity array, all LUNs to which that server has access might trespass to one storage processor on the array. As a result, performance of the other ESXi servers accessing the LUNs aggravates.

This issue is resolved in this release. The fix adds a check before activating the last path on the target during the shutdown phase to prevent LUN trespassing.

  • PR 2931457: The vSphere Replication service fails to start on a vCenter Server system due to error in the installation of the vmware-hbr-agent VIB

You might not be able to start the vSphere Replication service on a vCenter Server system and see errors such as Error connecting to proxy: [<FQDN of vCenter Server>, '80'] in the /var/run/log/esxupdate.log on ESXi hosts. The issue occurs when the vSphere Replication Management Server fails to install the vmware-hbr-agent VIB on all ESXi hosts due to an incorrect proxy request header sent by ESXi.

This issue is resolved in this release.

  • PR 2916330: Many simultaneous ESXCLI calls might cause a deadlock in the hostd service

In certain environments, more than 15 parallel ESXCLI calls might cause a deadlock in the hostd service. As a result, hostd becomes intermittently unresponsive on different ESXi hosts.

This issue is resolved in this release.

  • PR 2819598: A routine operation to extend a disk on a powered on VM might fail with an invalid state error

A routine operation to extend a disk on a powered on VM might fail with a message such as Error: The attempted operation cannot be performed in the current state ("Powered on"). The issue occurs in rare cases, when the hostd service might wrongly interpret a simple disk extend request as a request to change the virtual disk backing. As a result, the request fails with an InvalidPowerState error.

This issue is resolved in this release.

  • PR 2931040: Virtual machines on NFSv4.1 datastores become unresponsive for few seconds during storage failover

In rare cases, when an NFSv4.1 server returns a transient error during storage failover, you might see virtual machines to become unresponsive for 10 seconds before the operation restarts.

This issue is resolved in this release. The fix reduces wait time for recovery during storage failover.

  • PR 2911524: Multiple ESXi hosts drop syslog messages

In rare cases, the vmsyslog service might rotate logs in an older version of the /etc/vmsyslog.conf file. As a result, you see multiple ESXi hosts drop syslog messages.

This issue is resolved in this release.

  • PR 2911321: You see status Unknown for sensors of type System Event in the hardware health monitoring screen in the vSphere Client

The hardware health module of ESXi might fail to decode some sensors of the type System Event when a physical server is rebranded. As a result, in the vSphere Client you see status Unknown for sensors of type System Event under Monitor > Hardware Health.

This issue is resolved in this release.

  • PR 2919813: If a virtual machine has Changed Block Tracking (CBT) enabled, snapshot operations might take longer than usual

If a virtual machine has CBT enabled, virtual machines might become unresponsive longer than usual during snapshot operations while VMFS allocates resources to create the change tracking file for the delta disk.

This issue is resolved in this release.

  • PR 2905924: An ESXi host might fail with a purple diagnostic screen due to a race condition in container ports

Due to a rare race condition, when a container port tries to re-acquire a lock it already holds, an ESXi host might fail with a purple diagnostic screen while virtual machines with container ports power off or migrate by using vSphere vMotion. The issue occurs due to duplicating port IDs.

This issue is resolved in this release.

  • PR 2904032: ESXi hosts might fail with a purple diagnostic screen when I/O operations run on a software iSCSI adapter

I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

This issue is resolved in this release.

ESXi670-202206102-SG

Patch CategorySecurity
Patch SeverityImportant
Host Reboot RequiredNo
Virtual Machine Migration or Shutdown RequiredNo
Affected HardwareN/A
Affected SoftwareN/A
VIBs Included
  • VMware_locker_tools-light_12.0.0.19345655-19898894
PRs Fixed 2917103
CVE numbersN/A

Updates the tools-light VIB to resolve the following issues:

  • The following VMware Tools ISO images are bundled with ESXi 670-2022060001:
  • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
  • linux.iso: VMware Tools 10.3.23 ISO image for Linux OS with glibc 2.11 or later.

The following VMware Tools ISO images are available for download:

  • VMware Tools 11.0.6:
  • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
  • VMware Tools 10.0.12:
  • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
  • linuxPreGLibc25.iso: supports Linux guest operating systems earlier than Red Hat Enterprise Linux (RHEL) 5, SUSE Linux Enterprise Server (SLES) 11, Ubuntu 7.04, and other distributions with glibc version earlier than 2.5.
  • solaris.iso: VMware Tools image 10.3.10 for Solaris.
  • darwin.iso: Supports Mac OS X versions 10.11 and later.

Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

ESXi670-202206103-SG

Patch CategorySecurity
Patch SeverityImportant
Host Reboot RequiredYes
Virtual Machine Migration or Shutdown RequiredYes
Affected HardwareN/A
Affected SoftwareN/A
VIBs Included
  • VMware_bootbank_cpu-microcode_6.7.0-3.170.19898894
PRs Fixed 2886362, 2963624 
CVE numbersN/A

Updates the cpu-microcode VIB to resolve the following issues:

The cpu-microcode VIB includes the following Intel microcode:

Code NameFMSPlt IDMCU RevMCU DateBrand Names
Nehalem EP0x106a50x030x0000001d5/11/2018Intel Xeon 35xx Series;
Intel Xeon 55xx Series
Clarkdale0x206520x120x000000115/8/2018Intel i3/i5 Clarkdale Series;
Intel Xeon 34xx Clarkdale Series
Arrandale0x206550x920x000000074/23/2018Intel Core i7-620LE Processor
Sandy Bridge DT0x206a70x120x0000002f2/17/2019Intel Xeon E3-1100 Series;
Intel Xeon E3-1200 Series;
Intel i7-2655-LE Series;
Intel i3-2100 Series
Westmere EP0x206c20x030x0000001f5/8/2018Intel Xeon 56xx Series;
Intel Xeon 36xx Series
Sandy Bridge EP0x206d60x6d0x000006213/4/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Sandy Bridge EP0x206d70x6d0x0000071a3/24/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Nehalem EX0x206e60x040x0000000d5/15/2018Intel Xeon 65xx Series;
Intel Xeon 75xx Series
Westmere EX0x206f20x050x0000003b5/16/2018Intel Xeon E7-8800 Series;
Intel Xeon E7-4800 Series;
Intel Xeon E7-2800 Series
Ivy Bridge DT0x306a90x120x000000212/13/2019Intel i3-3200 Series;
Intel i7-3500-LE/UE;
Intel i7-3600-QE;
Intel Xeon E3-1200-v2 Series;
Intel Xeon E3-1100-C-v2 Series;
Intel Pentium B925C
Haswell DT0x306c30x320x0000002811/12/2019Intel Xeon E3-1200-v3 Series;
Intel i7-4700-EQ Series;
Intel i5-4500-TE Series;
Intel i3-4300 Series
Ivy Bridge EP0x306e40xed0x0000042e3/14/2019Intel Xeon E5-4600-v2 Series;
Intel Xeon E5-2600-v2 Series;
Intel Xeon E5-2400-v2 Series;
Intel Xeon E5-1600-v2 Series;
Intel Xeon E5-1400-v2 Series
Ivy Bridge EX0x306e70xed0x000007153/14/2019Intel Xeon E7-8800/4800/2800-v2 Series
Haswell EP0x306f20x6f0x000000498/11/2021Intel Xeon E5-4600-v3 Series;
Intel Xeon E5-2600-v3 Series;
Intel Xeon E5-2400-v3 Series;
Intel Xeon E5-1600-v3 Series;
Intel Xeon E5-1400-v3 Series
Haswell EX0x306f40x800x0000001a5/24/2021Intel Xeon E7-8800/4800-v3 Series
Broadwell H0x406710x220x0000002211/12/2019Intel Core i7-5700EQ;
Intel Xeon E3-1200-v4 Series
Avoton0x406d80x010x0000012d9/16/2019Intel Atom C2300 Series;
Intel Atom C2500 Series;
Intel Atom C2700 Series
Broadwell EP/EX0x406f10xef0x0b0000405/19/2021Intel Xeon E7-8800/4800-v4 Series;
Intel Xeon E5-4600-v4 Series;
Intel Xeon E5-2600-v4 Series;
Intel Xeon E5-1600-v4 Series
Skylake SP0x506540xb70x02006d0511/13/2021Intel Xeon Platinum 8100 Series;
Intel Xeon Gold 6100/5100, Silver 4100, Bronze 3100 Series;
Intel Xeon D-2100 Series;
Intel Xeon D-1600 Series;
Intel Xeon W-3100 Series;
Intel Xeon W-2100 Series
Cascade Lake B-00x506560xbf0x0400330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cascade Lake0x506570xbf0x0500330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cooper Lake0x5065b0xbf0x0700250111/19/2021Intel Xeon Platinum 8300 Series;
Intel Xeon Gold 6300/5300
Broadwell DE0x506620x100x0000001c6/17/2019Intel Xeon D-1500 Series
Broadwell DE0x506630x100x0700001c6/12/2021Intel Xeon D-1500 Series
Broadwell DE0x506640x100x0f00001a6/12/2021Intel Xeon D-1500 Series
Broadwell NS0x506650x100x0e0000149/18/2021Intel Xeon D-1600 Series
Skylake H/S0x506e30x360x000000f011/12/2021Intel Xeon E3-1500-v5 Series;
Intel Xeon E3-1200-v5 Series
Denverton0x506f10x010x0000003812/2/2021Intel Atom C3000 Series
Ice Lake SP0x606a60x870x0d0003633/30/2022Intel Xeon Silver 4300 Series;
Intel Xeon Gold 6300/5300 Series;
Intel Xeon Platinum 8300 Series
Snow Ridge0x806650x010x4c00001811/23/2021Intel Atom P5000 Series
Snow Ridge0x806670x010x4c00001811/23/2021Intel Atom P5000 Series
Kaby Lake H/S/X0x906e90x2a0x000000f011/12/2021Intel Xeon E3-1200-v6 Series;
Intel Xeon E3-1500-v6 Series
Coffee Lake0x906ea0x220x000000f011/15/2021Intel Xeon E-2100 Series;
Intel Xeon E-2200 Series (4 or 6 core)
Coffee Lake0x906eb0x020x000000f011/12/2021Intel Xeon E-2100 Series
Coffee Lake0x906ec0x220x000000f011/15/2021Intel Xeon E-2100 Series
Coffee Lake Refresh0x906ed0x220x000000f011/16/2021Intel Xeon E-2200 Series (8 core)
Rocket Lake S0xa06710x020x000000533/9/2022Intel Xeon E-2300 Series

ESXi670-202206001 includes the following AMD microcode:

Code nameFMS MCU Rev MCU DateBrand names
Piledriver0x00600f20 (15/02/0)0x0600084f1/25/2016AMD Opteron 6300/4300/3300
Naples0x00800f12 (17/01/2)0x080012272/9/2018AMD EPYC 7001 Series
Milan0x00a00f10 (19/01/0)0x0a0010582/10/2022AMD EPYC 7003 Series
Milan0x00a00f11 (19/01/1)0x0a0011731/31/2022AMD EPYC 7003 Series
Milan-X0x00a00f12 (19/01/2)0x0a0012292/10/2022AMD EPYC 7003 Series

ESXi-6.7.0-20220604001-standard

Profile NameESXi-6.7.0-20220604001-standardBuildFor build information, see Patches Contained in this Release.VendorVMware, Inc.Release DateJune 14, 2022Acceptance LevelPartnerSupportedAffected HardwareN/AAffected SoftwareN/AAffected VIBs

  • VMware_bootbank_esx-update_6.7.0-3.174.19898906
  • VMware_bootbank_vsanhealth_6.7.0-3.174.19586332
  • VMware_bootbank_vsan_6.7.0-3.174.19589650
  • VMware_bootbank_esx-base_6.7.0-3.174.19898906
  • VMware_bootbank_esx-xserver_6.7.0-3.174.19898906
  • VMware_locker_tools-light_12.0.0.19345655-19898894
  • VMware_bootbank_cpu-microcode_6.7.0-3.170.19898894

PRs Fixed2891724, 2966100, 2888739, 2919514, 2931457, 2916330, 2819598, 2931040, 2911524, 2911321, 2919813, 2905924, 2912214, 2904032Related CVE numbersN/A

  • This patch updates the following issues:
  • After you create a virtual machine disk snapshot, you might see latency spikes in the vSphere performance charts. Such unusual spikes are due to the recreation of some internal system objects and the restart of the latency performance counters in the storage subsystem.
  • The response of certain asynchronous task run by a VASA provider, such as prepareToSnapshot and createVirtualVolume, might not return sufficient error details for the task in case of failure. As a result, the VMX or hostd services might fail intermittently with a core dump.
  • If a hardware iSCSI adapter on an ESXi host in your environment uses pseudo NICs, you might not be able to create a host profile from such a host since pseudo NICs do not have the required PCI address and vendor name for a profile.
  • After a controlled shutdown or booting of any server in a cluster of ESXi servers attached to a Dell EMC Unity array, all LUNs to which that server has access might trespass to one storage processor on the array. As a result, performance of the other ESXi servers accessing the LUNs aggravates.
  • You might not be able to start the vSphere Replication service on a vCenter Server system and see errors such as Error connecting to proxy: [<FQDN of vCenter Server>, '80'] in the /var/run/log/esxupdate.log on ESXi hosts. The issue occurs when the vSphere Replication Management Server fails to install the vmware-hbr-agent VIB on all ESXi hosts due to an incorrect proxy request header sent by ESXi.
  • In certain environments, more than 15 parallel ESXCLI calls might cause a deadlock in the hostd service. As a result, hostd becomes intermittently unresponsive on different ESXi hosts.
  • A routine operation to extend a disk on a powered on VM might fail with a message such as Error: The attempted operation cannot be performed in the current state ("Powered on"). The issue occurs in rare cases, when the hostd service might wrongly interpret a simple disk extend request as a request to change the virtual disk backing. As a result, the request fails with an InvalidPowerState error.
  • In rare cases, when an NFSv4.1 server returns a transient error during storage failover, you might see virtual machines to become unresponsive for 10 seconds before the operation restarts.
  • In rare cases, the vmsyslog service might rotate logs in an older version of the /etc/vmsyslog.conf file. As a result, you see multiple ESXi hosts drop syslog messages.
  • The hardware health module of ESXi might fail to decode some sensors of the type System Event when a physical server is rebranded. As a result, in the vSphere Client you see status Unknown for sensors of type System Event under Monitor > Hardware Health.
  • If a virtual machine has CBT enabled, virtual machines might become unresponsive longer than usual during snapshot operations while VMFS allocates resources to create the change tracking file for the delta disk.
  • Due to a rare race condition, when a container port tries to re-acquire a lock it already holds, an ESXi host might fail with a purple diagnostic screen while virtual machines with container ports power off or migrate by using vSphere vMotion. The issue occurs due to duplicating port IDs.
  • In rare cases, a serial device on a virtual machine might not have a serial<N>.fileName property and the serial<N>.autodetect property to be set to FALSE. As a result, the hostd service might repeatedly fail.
  • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

ESXi-6.7.0-20220604001-no-tools

Profile NameESXi-6.7.0-20220604001-no-tools
BuildFor build information, see Patches Contained in this Release.
VendorVMware, Inc.
Release DateJune 14, 2022
Acceptance LevelPartnerSupported
Affected HardwareN/A
Affected SoftwareN/A
Affected VIBs
  • VMware_bootbank_esx-update_6.7.0-3.174.19898906
  • VMware_bootbank_vsanhealth_6.7.0-3.174.19586332
  • VMware_bootbank_vsan_6.7.0-3.174.19589650
  • VMware_bootbank_esx-base_6.7.0-3.174.19898906
  • VMware_bootbank_esx-xserver_6.7.0-3.174.19898906
  • VMware_bootbank_cpu-microcode_6.7.0-3.170.19898894
PRs Fixed2891724, 2966100, 2888739, 2919514, 2931457, 2916330, 2819598, 2931040, 2911524, 2911321, 2919813, 2905924, 2912214, 2904032
Related CVE numbersN/A
  • This patch updates the following issues:
  • After you create a virtual machine disk snapshot, you might see latency spikes in the vSphere performance charts. Such unusual spikes are due to the recreation of some internal system objects and the restart of the latency performance counters in the storage subsystem.
  • The response of certain asynchronous task run by a VASA provider, such as prepareToSnapshot and createVirtualVolume, might not return sufficient error details for the task in case of failure. As a result, the VMX or hostd services might fail intermittently with a core dump.
  • If a hardware iSCSI adapter on an ESXi host in your environment uses pseudo NICs, you might not be able to create a host profile from such a host since pseudo NICs do not have the required PCI address and vendor name for a profile.
  • After a controlled shutdown or booting of any server in a cluster of ESXi servers attached to a Dell EMC Unity array, all LUNs to which that server has access might trespass to one storage processor on the array. As a result, performance of the other ESXi servers accessing the LUNs aggravates.
  • You might not be able to start the vSphere Replication service on a vCenter Server system and see errors such as Error connecting to proxy: [<FQDN of vCenter Server>, '80'] in the /var/run/log/esxupdate.log on ESXi hosts. The issue occurs when the vSphere Replication Management Server fails to install the vmware-hbr-agent VIB on all ESXi hosts due to an incorrect proxy request header sent by ESXi.
  • In certain environments, more than 15 parallel ESXCLI calls might cause a deadlock in the hostd service. As a result, hostd becomes intermittently unresponsive on different ESXi hosts.
  • A routine operation to extend a disk on a powered on VM might fail with a message such as Error: The attempted operation cannot be performed in the current state ("Powered on"). The issue occurs in rare cases, when the hostd service might wrongly interpret a simple disk extend request as a request to change the virtual disk backing. As a result, the request fails with an InvalidPowerState error.
  • In rare cases, when an NFSv4.1 server returns a transient error during storage failover, you might see virtual machines to become unresponsive for 10 seconds before the operation restarts.
  • In rare cases, the vmsyslog service might rotate logs in an older version of the /etc/vmsyslog.conf file. As a result, you see multiple ESXi hosts drop syslog messages.
  • The hardware health module of ESXi might fail to decode some sensors of the type System Event when a physical server is rebranded. As a result, in the vSphere Client you see status Unknown for sensors of type System Event under Monitor > Hardware Health.
  • If a virtual machine has CBT enabled, virtual machines might become unresponsive longer than usual during snapshot operations while VMFS allocates resources to create the change tracking file for the delta disk.
  • Due to a rare race condition, when a container port tries to re-acquire a lock it already holds, an ESXi host might fail with a purple diagnostic screen while virtual machines with container ports power off or migrate by using vSphere vMotion. The issue occurs due to duplicating port IDs.
  • In rare cases, a serial device on a virtual machine might not have a serial<N>.fileName property and the serial<N>.autodetect property to be set to FALSE. As a result, the hostd service might repeatedly fail.
  • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.

ESXi-6.7.0-20220601001s-standard

Profile NameESXi-6.7.0-20220601001s-standard
BuildFor build information, see Patches Contained in this Release.
VendorVMware, Inc.
Release DateJune 14, 2022
Acceptance LevelPartnerSupported
Affected HardwareN/A
Affected SoftwareN/A
Affected VIBs
  • VMware_bootbank_vsan_6.7.0-3.170.19569724
  • VMware_bootbank_esx-update_6.7.0-3.170.19898894
  • VMware_bootbank_vsanhealth_6.7.0-3.170.19569727
  • VMware_bootbank_esx-base_6.7.0-3.170.19898894
  • VMware_locker_tools-light_12.0.0.19345655-19898894
  • VMware_bootbank_cpu-microcode_6.7.0-3.170.19898894
PRs Fixed2886362, 2916437, 2920288, 2932873, 2932877, 2932879, 2933658, 2936545, 2942580, 2917103, 2886362, 2963624
Related CVE numbersCVE-2022-21123, CVE-2022-21125, CVE-2022-21166

This patch updates the following issues:

  • This release includes mitigations for CVE-2022-21123, CVE-2022-21125, and CVE-2022-21166. For more information on these vulnerabilities including impacted product suites and release lines, please see: VMSA-2022-0016.
  • The Expat XML parser is updated to version 2.4.7.
  • The SQLite database is updated to version 3.37.2.
  • cURL is updated to version 7.81.0.
  • The OpenSSL package is updated to version openssl-1.0.2zd.
  • The ESXi userworld libxml2 library is updated to version 2.9.13.
  • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.
  • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
  • linux.iso: VMware Tools 10.3.23 ISO image for Linux OS with glibc 2.11 or later.

The following VMware Tools ISO images are available for download:

  • VMware Tools 11.0.6:
  • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
  • VMware Tools 10.0.12:
  • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
  • linuxPreGLibc25.iso: supports Linux guest operating systems earlier than Red Hat Enterprise Linux (RHEL) 5, SUSE Linux Enterprise Server (SLES) 11, Ubuntu 7.04, and other distributions with glibc version earlier than 2.5.
  • solaris.iso: VMware Tools image 10.3.10 for Solaris.
  • darwin.iso: Supports Mac OS X versions 10.11 and later.

Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

Code NameFMSPlt IDMCU RevMCU DateBrand Names
Nehalem EP0x106a50x030x0000001d5/11/2018Intel Xeon 35xx Series;
Intel Xeon 55xx Series
Clarkdale0x206520x120x000000115/8/2018Intel i3/i5 Clarkdale Series;
Intel Xeon 34xx Clarkdale Series
Arrandale0x206550x920x000000074/23/2018Intel Core i7-620LE Processor
Sandy Bridge DT0x206a70x120x0000002f2/17/2019Intel Xeon E3-1100 Series;
Intel Xeon E3-1200 Series;
Intel i7-2655-LE Series;
Intel i3-2100 Series
Westmere EP0x206c20x030x0000001f5/8/2018Intel Xeon 56xx Series;
Intel Xeon 36xx Series
Sandy Bridge EP0x206d60x6d0x000006213/4/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Sandy Bridge EP0x206d70x6d0x0000071a3/24/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Nehalem EX0x206e60x040x0000000d5/15/2018Intel Xeon 65xx Series;
Intel Xeon 75xx Series
Westmere EX0x206f20x050x0000003b5/16/2018Intel Xeon E7-8800 Series;
Intel Xeon E7-4800 Series;
Intel Xeon E7-2800 Series
Ivy Bridge DT0x306a90x120x000000212/13/2019Intel i3-3200 Series;
Intel i7-3500-LE/UE;
Intel i7-3600-QE;
Intel Xeon E3-1200-v2 Series;
Intel Xeon E3-1100-C-v2 Series;
Intel Pentium B925C
Haswell DT0x306c30x320x0000002811/12/2019Intel Xeon E3-1200-v3 Series;
Intel i7-4700-EQ Series;
Intel i5-4500-TE Series;
Intel i3-4300 Series
Ivy Bridge EP0x306e40xed0x0000042e3/14/2019Intel Xeon E5-4600-v2 Series;
Intel Xeon E5-2600-v2 Series;
Intel Xeon E5-2400-v2 Series;
Intel Xeon E5-1600-v2 Series;
Intel Xeon E5-1400-v2 Series
Ivy Bridge EX0x306e70xed0x000007153/14/2019Intel Xeon E7-8800/4800/2800-v2 Series
Haswell EP0x306f20x6f0x000000498/11/2021Intel Xeon E5-4600-v3 Series;
Intel Xeon E5-2600-v3 Series;
Intel Xeon E5-2400-v3 Series;
Intel Xeon E5-1600-v3 Series;
Intel Xeon E5-1400-v3 Series
Haswell EX0x306f40x800x0000001a5/24/2021Intel Xeon E7-8800/4800-v3 Series
Broadwell H0x406710x220x0000002211/12/2019Intel Core i7-5700EQ;
Intel Xeon E3-1200-v4 Series
Avoton0x406d80x010x0000012d9/16/2019Intel Atom C2300 Series;
Intel Atom C2500 Series;
Intel Atom C2700 Series
Broadwell EP/EX0x406f10xef0x0b0000405/19/2021Intel Xeon E7-8800/4800-v4 Series;
Intel Xeon E5-4600-v4 Series;
Intel Xeon E5-2600-v4 Series;
Intel Xeon E5-1600-v4 Series
Skylake SP0x506540xb70x02006d0511/13/2021Intel Xeon Platinum 8100 Series;
Intel Xeon Gold 6100/5100, Silver 4100, Bronze 3100 Series;
Intel Xeon D-2100 Series;
Intel Xeon D-1600 Series;
Intel Xeon W-3100 Series;
Intel Xeon W-2100 Series
Cascade Lake B-00x506560xbf0x0400330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cascade Lake0x506570xbf0x0500330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cooper Lake0x5065b0xbf0x0700250111/19/2021Intel Xeon Platinum 8300 Series;
Intel Xeon Gold 6300/5300
Broadwell DE0x506620x100x0000001c6/17/2019Intel Xeon D-1500 Series
Broadwell DE0x506630x100x0700001c6/12/2021Intel Xeon D-1500 Series
Broadwell DE0x506640x100x0f00001a6/12/2021Intel Xeon D-1500 Series
Broadwell NS0x506650x100x0e0000149/18/2021Intel Xeon D-1600 Series
Skylake H/S0x506e30x360x000000f011/12/2021Intel Xeon E3-1500-v5 Series;
Intel Xeon E3-1200-v5 Series
Denverton0x506f10x010x0000003812/2/2021Intel Atom C3000 Series
Ice Lake SP0x606a60x870x0d0003633/30/2022Intel Xeon Silver 4300 Series;
Intel Xeon Gold 6300/5300 Series;
Intel Xeon Platinum 8300 Series
Snow Ridge0x806650x010x4c00001811/23/2021Intel Atom P5000 Series
Snow Ridge0x806670x010x4c00001811/23/2021Intel Atom P5000 Series
Kaby Lake H/S/X0x906e90x2a0x000000f011/12/2021Intel Xeon E3-1200-v6 Series;
Intel Xeon E3-1500-v6 Series
Coffee Lake0x906ea0x220x000000f011/15/2021Intel Xeon E-2100 Series;
Intel Xeon E-2200 Series (4 or 6 core)
Coffee Lake0x906eb0x020x000000f011/12/2021Intel Xeon E-2100 Series
Coffee Lake0x906ec0x220x000000f011/15/2021Intel Xeon E-2100 Series
Coffee Lake Refresh0x906ed0x220x000000f011/16/2021Intel Xeon E-2200 Series (8 core)
Rocket Lake S0xa06710x020x000000533/9/2022Intel Xeon E-2300 Series
Code nameFMS MCU Rev MCU DateBrand names
Piledriver0x00600f20 (15/02/0)0x0600084f1/25/2016AMD Opteron 6300/4300/3300
Naples0x00800f12 (17/01/2)0x080012272/9/2018AMD EPYC 7001 Series
Milan0x00a00f10 (19/01/0)0x0a0010582/10/2022AMD EPYC 7003 Series
Milan0x00a00f11 (19/01/1)0x0a0011731/31/2022AMD EPYC 7003 Series
Milan-X0x00a00f12 (19/01/2)0x0a0012292/10/2022AMD EPYC 7003 Series

ESXi-6.7.0-20220601001s-no-tools

Profile NameESXi-6.7.0-20220601001s-no-tools
BuildFor build information, see Patches Contained in this Release.
VendorVMware, Inc.
Release DateJune 14, 2022
Acceptance LevelPartnerSupported
Affected HardwareN/A
Affected SoftwareN/A
Affected VIBs
  • VMware_bootbank_vsan_6.7.0-3.170.19569724
  • VMware_bootbank_esx-update_6.7.0-3.170.19898894
  • VMware_bootbank_vsanhealth_6.7.0-3.170.19569727
  • VMware_bootbank_esx-base_6.7.0-3.170.19898894
  • VMware_bootbank_cpu-microcode_6.7.0-3.170.19898894
PRs Fixed2886362, 2916437, 2920288, 2932873, 2932877, 2932879, 2933658, 2936545, 2942580, 2886362, 2963624
Related CVE numbersCVE-2022-21123, CVE-2022-21125, CVE-2022-21166

This patch updates the following issues:

  • This release includes mitigations for CVE-2022-21123, CVE-2022-21125, and CVE-2022-21166. For more information on these vulnerabilities including impacted product suites and release lines, please see: VMSA-2022-0016.
  • The Expat XML parser is updated to version 2.4.7.
  • The SQLite database is updated to version 3.37.2.
  • cURL is updated to version 7.81.0.
  • The OpenSSL package is updated to version openssl-1.0.2zd.
  • The ESXi userworld libxml2 library is updated to version 2.9.13.
  • I/O operations on a software iSCSI adapter might cause a rare race condition inside the iscsi_vmk driver. As a result, ESXi hosts might intermittently fail with a purple diagnostic screen.
  • windows.iso: VMware Tools 12.0.0 supports Windows 7 SP1 or Windows Server 2008 R2 SP1 and later.
  • linux.iso: VMware Tools 10.3.23 ISO image for Linux OS with glibc 2.11 or later.

The following VMware Tools ISO images are available for download:

  • VMware Tools 11.0.6:
  • windows.iso: for Windows Vista (SP2) and Windows Server 2008 Service Pack 2 (SP2).
  • VMware Tools 10.0.12:
  • winPreVista.iso: for Windows 2000, Windows XP, and Windows 2003.
  • linuxPreGLibc25.iso: supports Linux guest operating systems earlier than Red Hat Enterprise Linux (RHEL) 5, SUSE Linux Enterprise Server (SLES) 11, Ubuntu 7.04, and other distributions with glibc version earlier than 2.5.
  • solaris.iso: VMware Tools image 10.3.10 for Solaris.
  • darwin.iso: Supports Mac OS X versions 10.11 and later.

Follow the procedures listed in the following documents to download VMware Tools for platforms not bundled with ESXi:

Code NameFMSPlt IDMCU RevMCU DateBrand Names
Nehalem EP0x106a50x030x0000001d5/11/2018Intel Xeon 35xx Series;
Intel Xeon 55xx Series
Clarkdale0x206520x120x000000115/8/2018Intel i3/i5 Clarkdale Series;
Intel Xeon 34xx Clarkdale Series
Arrandale0x206550x920x000000074/23/2018Intel Core i7-620LE Processor
Sandy Bridge DT0x206a70x120x0000002f2/17/2019Intel Xeon E3-1100 Series;
Intel Xeon E3-1200 Series;
Intel i7-2655-LE Series;
Intel i3-2100 Series
Westmere EP0x206c20x030x0000001f5/8/2018Intel Xeon 56xx Series;
Intel Xeon 36xx Series
Sandy Bridge EP0x206d60x6d0x000006213/4/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Sandy Bridge EP0x206d70x6d0x0000071a3/24/2020Intel Pentium 1400 Series;
Intel Xeon E5-1400 Series;
Intel Xeon E5-1600 Series;
Intel Xeon E5-2400 Series;
Intel Xeon E5-2600 Series;
Intel Xeon E5-4600 Series
Nehalem EX0x206e60x040x0000000d5/15/2018Intel Xeon 65xx Series;
Intel Xeon 75xx Series
Westmere EX0x206f20x050x0000003b5/16/2018Intel Xeon E7-8800 Series;
Intel Xeon E7-4800 Series;
Intel Xeon E7-2800 Series
Ivy Bridge DT0x306a90x120x000000212/13/2019Intel i3-3200 Series;
Intel i7-3500-LE/UE;
Intel i7-3600-QE;
Intel Xeon E3-1200-v2 Series;
Intel Xeon E3-1100-C-v2 Series;
Intel Pentium B925C
Haswell DT0x306c30x320x0000002811/12/2019Intel Xeon E3-1200-v3 Series;
Intel i7-4700-EQ Series;
Intel i5-4500-TE Series;
Intel i3-4300 Series
Ivy Bridge EP0x306e40xed0x0000042e3/14/2019Intel Xeon E5-4600-v2 Series;
Intel Xeon E5-2600-v2 Series;
Intel Xeon E5-2400-v2 Series;
Intel Xeon E5-1600-v2 Series;
Intel Xeon E5-1400-v2 Series
Ivy Bridge EX0x306e70xed0x000007153/14/2019Intel Xeon E7-8800/4800/2800-v2 Series
Haswell EP0x306f20x6f0x000000498/11/2021Intel Xeon E5-4600-v3 Series;
Intel Xeon E5-2600-v3 Series;
Intel Xeon E5-2400-v3 Series;
Intel Xeon E5-1600-v3 Series;
Intel Xeon E5-1400-v3 Series
Haswell EX0x306f40x800x0000001a5/24/2021Intel Xeon E7-8800/4800-v3 Series
Broadwell H0x406710x220x0000002211/12/2019Intel Core i7-5700EQ;
Intel Xeon E3-1200-v4 Series
Avoton0x406d80x010x0000012d9/16/2019Intel Atom C2300 Series;
Intel Atom C2500 Series;
Intel Atom C2700 Series
Broadwell EP/EX0x406f10xef0x0b0000405/19/2021Intel Xeon E7-8800/4800-v4 Series;
Intel Xeon E5-4600-v4 Series;
Intel Xeon E5-2600-v4 Series;
Intel Xeon E5-1600-v4 Series
Skylake SP0x506540xb70x02006d0511/13/2021Intel Xeon Platinum 8100 Series;
Intel Xeon Gold 6100/5100, Silver 4100, Bronze 3100 Series;
Intel Xeon D-2100 Series;
Intel Xeon D-1600 Series;
Intel Xeon W-3100 Series;
Intel Xeon W-2100 Series
Cascade Lake B-00x506560xbf0x0400330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cascade Lake0x506570xbf0x0500330212/10/2021Intel Xeon Platinum 9200/8200 Series;
Intel Xeon Gold 6200/5200;
Intel Xeon Silver 4200/Bronze 3200;
Intel Xeon W-3200
Cooper Lake0x5065b0xbf0x0700250111/19/2021Intel Xeon Platinum 8300 Series;
Intel Xeon Gold 6300/5300
Broadwell DE0x506620x100x0000001c6/17/2019Intel Xeon D-1500 Series
Broadwell DE0x506630x100x0700001c6/12/2021Intel Xeon D-1500 Series
Broadwell DE0x506640x100x0f00001a6/12/2021Intel Xeon D-1500 Series
Broadwell NS0x506650x100x0e0000149/18/2021Intel Xeon D-1600 Series
Skylake H/S0x506e30x360x000000f011/12/2021Intel Xeon E3-1500-v5 Series;
Intel Xeon E3-1200-v5 Series
Denverton0x506f10x010x0000003812/2/2021Intel Atom C3000 Series
Ice Lake SP0x606a60x870x0d0003633/30/2022Intel Xeon Silver 4300 Series;
Intel Xeon Gold 6300/5300 Series;
Intel Xeon Platinum 8300 Series
Snow Ridge0x806650x010x4c00001811/23/2021Intel Atom P5000 Series
Snow Ridge0x806670x010x4c00001811/23/2021Intel Atom P5000 Series
Kaby Lake H/S/X0x906e90x2a0x000000f011/12/2021Intel Xeon E3-1200-v6 Series;
Intel Xeon E3-1500-v6 Series
Coffee Lake0x906ea0x220x000000f011/15/2021Intel Xeon E-2100 Series;
Intel Xeon E-2200 Series (4 or 6 core)
Coffee Lake0x906eb0x020x000000f011/12/2021Intel Xeon E-2100 Series
Coffee Lake0x906ec0x220x000000f011/15/2021Intel Xeon E-2100 Series
Coffee Lake Refresh0x906ed0x220x000000f011/16/2021Intel Xeon E-2200 Series (8 core)
Rocket Lake S0xa06710x020x000000533/9/2022Intel Xeon E-2300 Series
Code nameFMS MCU Rev MCU DateBrand names
Piledriver0x00600f20 (15/02/0)0x0600084f1/25/2016AMD Opteron 6300/4300/3300
Naples0x00800f12 (17/01/2)0x080012272/9/2018AMD EPYC 7001 Series
Milan0x00a00f10 (19/01/0)0x0a0010582/10/2022AMD EPYC 7003 Series
Milan0x00a00f11 (19/01/1)0x0a0011731/31/2022AMD EPYC 7003 Series
Milan-X0x00a00f12 (19/01/2)0x0a0012292/10/2022AMD EPYC 7003 Series

Known Issues

The known issues are grouped as follows.

vSAN Issues

  • PR 2855671: vSAN disk format upgrade fails, objects not upgrading to version 3

When you upgrade host software from 6.0 to 6.0 Update 2, and the vCenter Server software version is 6.7, vSAN disk format upgrade fails. Objects do not upgrade to version 3. When the error occurs, the vSAN upgrade task fails with an error message such as General vSAN error. Disk format conversion failed due to unexpected error. and the host disk group format version remains unchanged.

Workaround: Upgrade the host software to version 6.5 Express Patch 2 or higher and then upgrade the disk format version.

Known Issues from Prior Releases

To view a list of previous known issues, click here.

Spread the word

Keep reading