Security Bulletin: This Power System update is being released to address CVE-2023-45871

Summary

The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-45871, by upgrading PowerVM and thus addressing the exposure to the kernel vulnerability.

Vulnerability Details

CVEID:CVE-2023-45871
**DESCRIPTION:**Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker from within the local network could overflow a buffer and execute arbitrary code or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

Customers with the products below should install FW1030.61(1030_093), FW1050.21(1050_080) or newer to remediate this vulnerability.

Power 10

1. IBM Power System S1022 (9105-22A)

2. IBM Power System S1024 (9105-42A)

3. IBM Power System S1022s (9105-22B)

4. IBM Power System S1014 (9105-41B)

5. IBM Power System L1022 (9786-22H)

6. IBM Power System L1024 (9786-42H)

7. IBM Power System E1050 (9043-MRX)

_The images mentioned above can be located at IBM Fix Central : <https://www.ibm.com/support/fixcentral/&gt;_

Workarounds and Mitigations

None