Performance Impact Statement for MCEPSC (CVE-2018-12207) - VMware
search cancel

Performance Impact Statement for MCEPSC (CVE-2018-12207) - VMware

book

Article ID: 309708

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

VMware described its overall response to a specific set of recently discovered CPU security vulnerabilities in VMSA-2019-0020. These mitigations may have an impact on performance to some applications. This knowledge base article will be used as the centralized document to discuss performance impacts of security issues described by CVE-2018-12207 in modern day processors as they apply to VMware.

Environment

VMware ESXi 8.x
VCF 9.x

Resolution

Testing confirms the performance costs associated with applying hypervisor-specific mitigations on vSphere for CVE-2018-12207.

Performance conclusions are as follows:

  • Enterprise class workloads: Testing consistently showed a performance impact of 5% or less for enterprise class workloads, including Databases, mixed workload server consolidation scenarios, and virtual desktop infrastructure (VDI)

  • Nested virtualization and Microsoft Virtualization-Based Security (VBS): Testing showed a significant performance impact when applied to nested virtualized environments on ESXi. Windows VBS uses virtualization, enabling it on ESXi results in nested virtualization. It is strongly recommend testing is performed in an isolated environment before deciding to deploy this ESXi mitigation more broadly to nested or VBS enabled environments. Refer to KB 313547 for support information related to nested ESXi environments.