ESXi: esxi-8.cpu-hyperthread-warning

Information

The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities. Hyperthreading security warnings signify unaddressed CPU vulnerabilities in the system, and ignoring these could mask potential risks. Ensure that hardware remediations align with your organization's accepted risk, and if suppressing a warning, document the decision and rationale.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting UserVars.SuppressHyperthreadWarning | Set-AdvancedSetting -Value 0

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/