Sep 17, 2024 - 7:14 p.m.

Security Bulletin: This Power System update is being released to address CVE-2023-45871

2024-09-17 19:14:40
www.ibm.com
powervm
virtualization management interface
linux kernel
buffer overflow
power systems
cve-2023-45871

CVSS3: 7.5

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.5
Confidence: High

Summary

The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-45871, by upgrading PowerVM and thus addressing the exposure to the kernel vulnerability.

Vulnerability Details

**CVEID:** CVE-2023-45871
**DESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker from within the local network could overflow a buffer and execute arbitrary code or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Virtualization Management Interface | FW1030.00 - FW1030.60 |
| Virtualization Management Interface | FW1050.00 - FW1050.20 |

Remediation/Fixes

Customers with the products below should install FW1030.61(1030_093), FW1050.21(1050_080) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System S1022 (9105-22A)

  2. IBM Power System S1024 (9105-42A)

  3. IBM Power System S1022s (9105-22B)

  4. IBM Power System S1014 (9105-41B)

  5. IBM Power System L1022 (9786-22H)

  6. IBM Power System L1024 (9786-42H)

  7. IBM Power System E1050 (9043-MRX)

_The images mentioned above can be located at IBM Fix Central: https://www.ibm.com/support/fixcentral/_
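To triage a fleet against the affected ranges and fixed levels above, the following is an added example (not part of the IBM bulletin) that classifies systems by machine type-model and firmware level. The inventory record layout, the system names and the `0000-XXX` model are assumptions constructed for illustration; the ranges, fixed levels and listed models come from this bulletin.

```python
import re

# First fixed service pack per release stream, from the bulletin:
# FW1030.00 - FW1030.60 affected -> FW1030.61 fixed
# FW1050.00 - FW1050.20 affected -> FW1050.21 fixed
FIRST_FIXED = {1030: 61, 1050: 21}

# Machine type-models the bulletin lists under "Power 10".
LISTED_MTMS = {
    "9105-22A", "9105-42A", "9105-22B", "9105-41B",
    "9786-22H", "9786-42H", "9043-MRX",
}

# Accepts "FW1030.50" and the "FW1030.61(1030_093)" form used in the bulletin.
LEVEL_RE = re.compile(r"^FW(\d{4})\.(\d{2})(?:\s*\(\d{4}_\d{3}\))?$")


def classify(mtm, level):
    """Return 'affected', 'fixed', 'not_listed' or 'unparsed' for one system."""
    m = LEVEL_RE.match(level.strip())
    if not m:
        return "unparsed"      # never guess at a malformed level string
    stream, service_pack = int(m.group(1)), int(m.group(2))
    if mtm.strip().upper() not in LISTED_MTMS or stream not in FIRST_FIXED:
        return "not_listed"    # the bulletin makes no statement about it
    return "fixed" if service_pack >= FIRST_FIXED[stream] else "affected"


def triage(inventory):
    """Group (name, mtm, level) records by classification, keeping input order."""
    result = {}
    for name, mtm, level in inventory:
        result.setdefault(classify(mtm, level), []).append(name)
    return result


# Constructed sample inventory (hypothetical names, models and levels).
SAMPLE = [
    ("sys-a", "9105-22A", "FW1030.60"),
    ("sys-b", "9105-42A", "FW1030.61(1030_093)"),
    ("sys-c", "9043-MRX", "FW1050.20"),
    ("sys-d", "9043-MRX", "FW1050.21"),
    ("sys-e", "9105-41B", "FW1040.10"),   # stream not covered by the bulletin
    ("sys-f", "0000-XXX", "FW1030.40"),   # placeholder model, not listed
    ("sys-g", "9786-22H", "1030.40"),     # malformed: missing "FW" prefix
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE).items()):
        print(f"{status:10} {', '.join(names)}")
```

Systems reported as `not_listed` or `unparsed` are outside what this bulletin states and need a separate check rather than being treated as safe.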

Workarounds and Mitigations

None
