How to address VMware KB 55806 with currently deployed EXAv clusters

Hi, customer is looking to address a vulnerability described in .
They are in the process of implementing changes to the ESXi hypervisor outlined in KB 55806, to address the vulnerability in Intel processors described in CVE-2018-3646.
The gist of the vulnerability is that Intel Hyperthreading – which treats a single CPU core as two individual cores – can allow a VM “…to infer the contents of the hypervisor’s or another VM’s privileged information residing at the same time in the same core’s L1 Data cache.”
The solution to this issue is to enable the ESXi Side-Channel-Aware Scheduler – which in essence disables Hyperthreading and effectively cuts down in half the number of maximum vCPUs any given VM can have.
Current hosts have two 24-core processors; with Hyperthreading they have 48 logical processors; without HT we’re down to 24. Since the EXA VMs have 32 vCPUs, they cannot be supported once the change is implemented.
Thus, the current deployment of 5 large virtual EXAs would not be possible and the nodes would have to be reduced in size. This is not a preferred option as it would negatively impact the current EXA cluster’s lookback and ingest capabilities.
Are there any recommendations/guidelines on how to address this VMware vulnerability without reducing the size of the current EXAv nodes?
Thank you

Passing on some information from the ExtraHop Security team on this one.

The class of attacks described in CVE-2018-3646 requires arbitrary execution of attacker code. Since the ExtraHop appliance is a closed appliance, attackers cannot generally run code. Triggers are a limited exception, but those can be secured through access restrictions to trusted individuals.

If the ExtraHop virtual appliance is the only appliance running on the VM host, then they would not recommend disabling hyperthreading. Even if there are other guests running on the VM, they would still not recommend disabling hyperthreading, as ExtraHop has built in available compiler protections for the general Spectre/Meltdown class of side-channel bugs.