VMware HCX utilizes a hardened appliance architecture where the operating system and application layers are tightly coupled.

Users frequently inquire about applying individual security patches or upgrading specific RPM packages (e.g., Linux kernel, OpenSSL, or system libraries) independently of the standard upgrade cycle to address vulnerabilities found in security scans.

 VMware HCX

HCX adheres to a strict appliance lifecycle model. All operating system components, including the Linux kernel and system libraries, are validated, managed, and distributed exclusively as part of official HCX upgrade bundles.

To ensure system integrity and supportability, VMware HCX does not provide or support the installation of individual RPM packages or manual updates outside of these monolithic updates.

To obtain updated RPM packages or security fixes, users must upgrade to the latest available HCX version.

Security vulnerabilities (CVEs) are addressed by Broadcom through the release of new HCX maintenance or minor releases.

HCX Release notes