Proxmox/Hyper-V/VMware Security | Vulnerability Scans and Assessment Virtualisation

Moderate Severity VMSA-2022-0020: VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities


VMware ESXi is a bare-metal hypervisor that installs directly onto your physical server and provides you direct access to and control of underlying resources. VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. There is a resolution to this issue, as such, there is no workaround discussed in this guide. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6. VMware ESXi enables you to:

  • Consolidate hardware for higher capacity utilization.
  • Increase performance for a competitive edge.
  • Streamline IT administration through centralized management.
  • Reduce CapEx and OpEx.
  • Minimize hardware resources needed to run the hypervisor, meaning greater efficiency.

Multiple side-channel vulnerabilities in Intel (CVE-2022-29901, CVE-2022-28693) and AMD (CVE-2022-23816, CVE-2022-23825) CPUs have been disclosed. Patches are available to mitigate these vulnerabilities in affected VMware products. Below are the impacted products.

  • VMware ESXi
  • VMware Cloud Foundation

What Exploit does this Vulnerability Present?

A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host. Here are some related guides: How To Deploy Azure VMware Solution Private Cloud, Boot failure: How to fix EFI network timeout on VMware Workstation, and How to solve VMware workstation .lck error.


To mitigate CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, and CVE-2022-23825, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below. These patches do not introduce performance impact.

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed Version
ESXi7.0AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi70U3sf-20036586
ESXi6.7AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi670-202207401-SG
ESXi6.5AnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate ESXi650-202207401-SG

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed Version
Cloud Foundation (ESXi)4.xAnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate KB88695
Cloud Foundation (ESXi)3.xAnyCVE-2022-29901, CVE-2022-28693,
CVE-2022-23816, CVE-2022-23825
5.6Moderate KB88927

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x