Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144)

Summary

A vulnerability found in Intel Xeon affects IBM Cloud Pak System. IBM Cloud Pak System addressed this vulnerability.

Vulnerability Details

CVEID:CVE-2021-0144
**DESCRIPTION:**Intel Xeon and Intel Core products could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure default variable initialization in the BSSA DFT feature. An authenticated attacker could exploit this vulnerability to gain higher privileges.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205386 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

V2.3, V2.3.1.1, V2.3.2.0

v2.3.3.1, V2.3.3.2, V2.3.3.3, V2.3.3.3 ifix1

Compute node X240 M5

|

UEFI

Compute Node X3350 M5

|

UEFI

SN550

| UEFI

SR630

|

UEFI

Remediation/Fixes

For unsupported release/version/platform recommendation is to upgrade to supported fixed release of the product.

Compute node X240-M5

|

UEFI 3.30

Compute Node X3350-M5

|

UEFI 3.30

SN550

|

UEFI IVE174F

SR630

|

UEFI IVE174F

For Cloud Pak System V2.3.0.1, V.2.3.1.1, v.2.3.2.0, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 Interim Fix 1,

upgrade to IBM Cloud Pak System v2.3.3.4 at Fix Central

Information on upgrading : <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None