Update azure-vmware-solution-known-issues.md

rvandenbedem · web-flow · commit 630c5950b5bc · 2025-07-15T12:37:21.000-04:00
diff --git a/articles/azure-vmware/azure-vmware-solution-known-issues.md b/articles/azure-vmware/azure-vmware-solution-known-issues.md
@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 6/11/2025
+ms.date: 7/15/2025
 ---
 
 # Known issues: Azure VMware Solution
@@ -15,6 +15,7 @@ Refer to the table to find details about resolution dates or possible workaround
 
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
+| [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877) VMXNET3 integer-overflow, VMCI integer-underflow, PVSCSI heap-overflow, and vSockets information-disclosure vulnerabilities. | July 2025 | Microsoft has verified the applicability of the vulnerabilities within the Azure VMware Solution service and have adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.3](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take additional precautions when granting administrative access to, and monitor any administrative activities on, guest VMs until the update is fully addressed. For additional information on the vulnerability and Microsoft’s involvement, please see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0013-remediation/4433430) (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239). | July 21, 2025 (Pending) - Resolved in [ESXi 8.0_U3f](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html) |
 | Changing the default NSX Tier-1 name may cause some NSX features added through the Azure portal, such as DNS Zone and the Segment page, to not function as expected. | June 2025 | Azure VMware Solution uses the NSX Tier-1 name "TNTxx-T1" (where xx is the internal tenant ID) for these features. Therefore, please do not change the default Tier-1 name. | N/A|
 | Creating stateful gateway firewall rules associated with Azure VMware Solution default NSX-T tier-0 router causes unwanted/unexpected behavior. | May 2025 | Azure VMware Solution deploys with a stateless NSX-T tier-0 router.  As such, stateful firewall rules are incompatible even though the NSX-T UI may allow it.  Apply stateful services and/or firewall rules at the tier-1 router. | N/A|
 | AV64 hosts running vSAN Express Storage Architecture (ESA), may see a High pNIC errors due to buffer overflows. [Getting alarm in relation to "High pNic error rate detected" on hosts in vSAN clusters when using Mellanox NICs](https://knowledge.broadcom.com/external/article/392333/getting-alarm-in-relation-to-high-pnic-e.html) | June 2025 |  The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. ||
