8.2.8 Ensure PCI and PCIe device passthrough is disabled

Information

Using the VMware DirectPath I/O feature to pass through a PCI or PCIe device to a virtual machine can result in a potential security vulnerability.

Rationale:

The vulnerability can be triggered by buggy or malicious code running in privileged mode in the guest OS, such as a device driver.

Solution

The following PowerCLI command can be used:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'pciPassthru*.present' -value ''

See Also

https://workbench.cisecurity.org/files/3473