You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-vmware/azure-vmware-solution-known-issues.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
4
4
ms.topic: reference
5
5
ms.custom: "engagement-fy23"
6
6
ms.service: azure-vmware
7
-
ms.date: 7/15/2025
7
+
ms.date: 7/29/2025
8
8
# Customer intent: "As a cloud administrator, I want to access detailed information about known issues in Azure VMware Solution so that I can implement workarounds and ensure the stability of my virtual environment."
9
9
---
10
10
@@ -16,9 +16,9 @@ Refer to the table to find details about resolution dates or possible workaround
16
16
17
17
|Issue | Date discovered | Workaround | Date resolved |
| [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877) VMXNET3 integer-overflow, VMCI integer-underflow, PVSCSI heap-overflow, and vSockets information-disclosure vulnerabilities. | July 15, 2025 | Microsoft verified the applicability of the vulnerabilities within the Azure VMware Solution service and adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.3](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take extra precautions when granting administrative access to guest VMs until the update is addressed. For additional information on the vulnerability, see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0013-remediation/4433430) (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239). | July 21, 2025 (Pending) - Resolved in [ESXi 8.0_U3f](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html) |
20
-
| Changing the default NSX Tier-1 name may cause some NSX features added through the Azure portal, such as DNS Zone and the Segment page, to not function as expected. | June 2025 | Azure VMware Solution uses the NSX Tier-1 name "TNTxx-T1" (where xx is the internal tenant ID) for these features. Therefore do not change the default Tier-1 name. | N/A|
21
-
| Creating stateful gateway firewall rules associated with Azure VMware Solution default NSX-T tier-0 router causes unwanted/unexpected behavior. | May 2025 | Azure VMware Solution deploys with a stateless NSX-T tier-0 router. As such, stateful firewall rules are incompatible even though the NSX-T UI may allow it. Apply stateful services and/or firewall rules at the tier-1 router. | N/A|
19
+
| [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877) VMXNET3 integer-overflow, VMCI integer-underflow, PVSCSI heap-overflow, and vSockets information-disclosure vulnerabilities. | July 15, 2025 | Microsoft verified the applicability of the vulnerabilities within the Azure VMware Solution service and adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.3](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take extra precautions when granting administrative access to guest VMs until the update is addressed. For additional information on the vulnerability, see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0013-remediation/4433430) (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239). | July 29, 2025 - Resolved in [ESXi 8.0_U3f](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html) |
20
+
| Changing the default NSX Tier-1 name may cause some NSX features added through the Azure portal, such as DNS Zone and the Segment page, to not function as expected. | June 2025 | Azure VMware Solution uses the NSX Tier-1 name "TNTxx-T1" (where xx is the internal tenant ID) for these features. Therefore do not change the default Tier-1 name. | N/A|
21
+
| Creating stateful gateway firewall rules associated with Azure VMware Solution default NSX-T tier-0 router causes unwanted/unexpected behavior. | May 2025 | Azure VMware Solution deploys with a stateless NSX-T tier-0 router. As such, stateful firewall rules are incompatible even though the NSX-T UI may allow it. Apply stateful services and/or firewall rules at the tier-1 router. | N/A|
22
22
| AV64 hosts running vSAN Express Storage Architecture (ESA), may see a High pNIC errors due to buffer overflows. [Getting alarm in relation to "High pNic error rate detected" on hosts in vSAN clusters when using Mellanox NICs](https://knowledge.broadcom.com/external/article/392333/getting-alarm-in-relation-to-high-pnic-e.html)| June 2025 | The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. | N/A |
23
23
|[VMSA-2025-0012](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738) Multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245) identified in VMware NSX. | May 2025 | The vulnerability described in the Broadcom document does not apply to Azure VMware Solution due to existing compensating controls mitigate the risk of exploitation. | The upcoming version of NSX includes the patch to address this vulnerability. |
24
24
|[VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft confirmed the applicability of these vulnerabilities in Azure VMware Solution. Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities before official patching. The vulnerabilities adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) within the Azure VMware Solution. Until the update is addressed, customers are advised to exercise caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
0 commit comments