After a VMware SD-WAN Gateway is upgraded to the latest builds for SD-WAN Gateway Releases:
Users may observe a higher CPU usage at idle on the gateways.
This higher CPU usage can be observed by an Operator or Partner user when looking at the Gateways > Gateway Management > Monitor page for a particular Gateway on the VMware SASE Orchestrator.
In addition, a customer may observe a ~1% network performance impact which would be difficult to observe in most instances.
4.x, 5.x
Multiple side-channel vulnerabilities in Intel CPUs (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) have been disclosed. The Linux kernel maintainers, following advice from Intel, changed the default CPU vulnerability mitigation to Indirect Branch Restricted Speculation (IBRS).
IBRS has a higher performance cost than previous default CPU vulnerability mitigations. This causes higher CPU utilization on the systems upgraded to the latest software.
Not all Intel CPUs used by SD-WAN Gateways are vulnerable to Spectre and Retbleed. The list of affected Intel CPUs can be found at Affected Processors: Guidance for Security Issues on Intel® Processors.
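To confirm on a given Gateway whether the kernel actually selected IBRS, the status lines the Linux kernel publishes under sysfs can be classified as follows. This is an added example, not VMware tooling; it assumes shell access to the Gateway's Linux OS and a kernel that exposes the standard `vulnerabilities` files, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example (not VMware tooling): classify the kernel's Spectre v2 /
# Retbleed status lines as exposed under Linux sysfs.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_mitigation STATUS_LINE -> one keyword on stdout
classify_mitigation() {
    case "$1" in
        "Not affected"*)              echo not-affected ;;
        "Vulnerable"*)                echo vulnerable ;;
        "Mitigation: Enhanced"*IBRS*) echo eibrs ;;     # Enhanced IBRS, distinct from plain IBRS
        "Mitigation: IBRS"*)          echo ibrs ;;      # plain IBRS, the higher-cost mode noted above
        "Mitigation:"*[Rr]etpoline*)  echo retpoline ;;
        "Mitigation:"*)               echo other ;;
        *)                            echo unknown ;;
    esac
}

# ibrs_overhead_expected STATUS_LINE: succeeds only when plain IBRS is active
ibrs_overhead_expected() {
    [ "$(classify_mitigation "$1")" = ibrs ]
}

# report_host: classify what the running kernel reports
report_host() {
    for f in spectre_v2 retbleed; do
        if [ -r "$VULN_DIR/$f" ]; then
            line=$(cat "$VULN_DIR/$f")
            printf '%s: %s (%s)\n' "$f" "$(classify_mitigation "$line")" "$line"
        else
            printf '%s: not reported by this kernel\n' "$f"
        fi
    done
}

# Constructed sample lines in the format the kernel uses, for offline runs.
for sample in \
    "Mitigation: IBRS, IBPB: conditional, RSB filling" \
    "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, RSB filling" \
    "Not affected"
do
    printf 'sample: %-12s <- %s\n' "$(classify_mitigation "$sample")" "$sample"
done
report_host
```

A Gateway whose `spectre_v2` line classifies as `ibrs` is running the mitigation this article associates with the higher idle CPU usage; `not-affected` indicates a CPU outside the affected list.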
For more information, see:
https://www.vmware.com/security/advisories/VMSA-2022-0020.html
VMware Response to RSBA Mitigation Performance Questions
Linux Kernel Default Processor Security Mitigation Changes and VMware Performance
Disclaimer: VMware is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites.