IBM Vios is part of IBM USA’s PowerVm Editions hardware feature that helps share physical I/O resources between client logical partitions within a server. IBM VIOS lscore has an operating system command injection vulnerability that stems from an lscore command input validation error, and this vulnerability exists. A local user can pass specially crafted data to the lscore command and use elevated privileges to execute arbitrary code. The vulnerability allows a local user to escalate privileges on the system.
CPE | Name | Operator | Version |
---|---|---|---|
ibm ibm vios | eq | 3.1.0 | |
ibm ibm vios | eq | 3.1.1 | |
ibm ibm vios | eq | 3.1.2 |