PowerKVM is affected by a vulnerability in SPICE. IBM has now addressed this vulnerability.
CVEID: CVE-2018-10873 DESCRIPTION: SPICE is vulnerable to a denial of service, caused by a missing check in python_modules/demarshal.py:write_validate_array_item(). By sending a specially-crafted message, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148522> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)
PowerKVM 3.1
Customers can update PowerKVM systems by using “yum update”.
Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.
none