Migrating Windows 2016/2019 virtual machines with VBS enabled may cause it to BSOD when the MCEPSC mitigation is applied.
Article ID: 344881
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
- Migrating a Windows 2016/2019 virtual machine that has the Enabling Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Speculative-Execution vulnerability (CVE-2018-12207) mitigation enabled causes it to BSOD.
- Resuming a suspended VM can also cause the same BSOD.
- VBS is enabled on the virtual machine.
Environment
VMware ESXi 6.7.x
Cause
This is caused by a problem in the code that is called when dealing with large memory pages and simultaneously having the MCEPSC workaround enabled.
Resolution
This issue is resolved in VMware ESXi 6.7, Patch Release ESXi670-202206001.
Workaround:
To temporarily work around this issue, there are two options:
1. Disable large pages completely by disabling the Mem.AllocGuestLargePage advanced parameter on ESXi. This could cause a performance loss for the VMs.
See Advanced Memory Attributes for more information.
2. Revert the steps that were taken to mitigate the MCEPSC vulnerability in Enabling Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Speculative-Execution vulnerability (CVE-2018-12207)
Workaround:
To temporarily work around this issue, there are two options:
1. Disable large pages completely by disabling the Mem.AllocGuestLargePage advanced parameter on ESXi. This could cause a performance loss for the VMs.
See Advanced Memory Attributes for more information.
2. Revert the steps that were taken to mitigate the MCEPSC vulnerability in Enabling Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Speculative-Execution vulnerability (CVE-2018-12207)
Feedback
Yes
No
Powered by
