HPE Community
HPE SimpliVity
1820256 Members
2984 Online
109622 Solutions
New Discussion юеВ

New CVE's

 
Brian_Galante
Frequent Advisor

тАО03-19-2024 12:43 PM - last edited on тАО03-19-2024 09:04 PM by

тАО03-19-2024 12:43 PM - last edited on тАО03-19-2024 09:04 PM by

New CVE's

There is a vulnerability I was notified about for ESX. Can we install the ESXi7.0U3p update?

Or does HPE have a timeframe when we will be able to?

CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

2 people had this problem.
0 Kudos
Reply
7 REPLIES 7
Kipp_Glover
HPE Pro

тАО03-19-2024 01:20 PM

тАО03-19-2024 01:20 PM

Re: New CVE's

Good day Brian!

SimpliVity will shortly publish a Customer Notice on this most recent patch from VMware, ESXi 7.0 U3p. 

SimpliVity plans to release a SimpliVity ESXi 7.0 U3p Custom Offline Bundle near the end of May 2024.  If a customer cannot wait for the SimpliVity custom bundle we recommend they consume the patch directly from VMware.  Refer to the ESXi 7.0 U3p release notes for installation.  Our data shows that over 500 customer nodes have successfully installed the ESXi 7.0 U3p patch. 

The SimpliVity Interoperability Guide will be updated once the SimpliVity ESXi 7.0 U3p Offline Custom Bundle is released.┬н

Cheers!
/Kipp



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Omareid1
Visitor

тАО01-30-2025 01:07 PM - last edited on тАО01-30-2025 10:43 PM by

тАО01-30-2025 01:07 PM - last edited on тАО01-30-2025 10:43 PM by

Re: New CVE's

Hi @Kipp_Glover 
I have HPE esxi 8.0 syn , I didnтАЩt find patch for this CVEтАЩs please need your support

0 Kudos
Reply
Kipp_Glover
HPE Pro

тАО01-31-2025 07:07 AM

тАО01-31-2025 07:07 AM

Re: New CVE's

Good day Omareid1,

I assume when you say you have ESXi 8.0 syn, you are referring to the ESXi 8.0 Custom bundle for Synergy.   I would recommend that you use the SimpliVity ESXi Custom bundles for SimpliVity.   If you take a look at the Broadcom Security Advisory for these CVEs in the "Response Matrix", it is noted these vulnerabilities were fixed in ESXi 8.0 U1d (23299997) and ESXi 8.0 U2sb (23305545).   Here is the link to the security advisory:  https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24266 

Cheers!
/Kipp



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Omareid1
Visitor

тАО01-31-2025 07:56 AM

тАО01-31-2025 07:56 AM

Re: New CVE's

Hi kipp

Thank you for reply..

Actually,I used ESXi 8.0 U1d (23299997) patch but i got Error тАЬ profile ( updated )
HPE-custom-syn-AddOn_800.0.0.11.1.5- is missing component (s) Esxi.Make sure the image contains these component (s) at a version equal or higher than the version found in the Esxi release version 8.0.1тАЭ

0 Kudos
Reply
Kipp_Glover
HPE Pro

тАО01-31-2025 08:50 AM

тАО01-31-2025 08:50 AM

Re: New CVE's

That is the Synergy ESXi bundle you are using.  You need to use the SimpliVity Custom ESXi Bundle.  You can find the SimpliVity ESXi Custom bundles link on the SimpliVity Software Releases website. 

SimpliVity runs on Proliant hardware; the error you see could be related to this. 

ESXi custom bundle.png

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Omareid1
Visitor

тАО02-05-2025 12:30 AM

тАО02-05-2025 12:30 AM

Re: New CVE's

Dear Kipp

Thanks for your replay..

I can use the below Synergy versions for close the vulnerabilities ?

BR,

OMARSynergy 480 Gen10.png

0 Kudos
Reply
Kipp_Glover
HPE Pro

тАО02-05-2025 11:05 AM

тАО02-05-2025 11:05 AM

Re: New CVE's

Hi Omar!

You should use the SimpliVity ESXi offline custom bundles.  Don't use the Synergy bundles for SimpliVity. 

/Kipp



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.