When enabling the ESXi Side-Channel-Aware Scheduler (L1 Terminal Fault vulnerability CVE-2018-3646) for a cluster or single hosts, you should use VMware HTAware Mitigation Tool for resource analyzing and enabling. There are a few limitations after applying and enabling VMware L1TF patches on ESXi hosts (starting in august 2018). One of them is that a VM configured with n vCPUs can only run on hosts with >=n physical cores. […]