CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Percentile: 5.1%
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions, which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.
CVEID: CVE-2023-30438
**DESCRIPTION:** A vulnerability was identified in IBM PowerVM that could lead to an undetected violation of the isolation between partitions.
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
PowerVM Hypervisor | FW1030.00 - FW1030.10 |
PowerVM Hypervisor | FW1020.00 - FW1020.30 |
PowerVM Hypervisor | FW1010.00 - FW1010.50 |
PowerVM Hypervisor | FW950.00 - FW950.70 |
For Power9 servers, only FW950 is supported, but all firmware releases on the listed products are vulnerable.
See the PSIRT Q&A for more information.
IBM strongly recommends customers with the products below install FW950.71(950_124) or newer to remediate this vulnerability.
Power 9
IBM Power System L922 (9008-22L)
IBM Power System S922 (9009-22A, 9009-22G)
IBM Power System H922 (9223-22H, 9223-22S)
IBM Power System S914 (9009-41A, 9009-41G)
IBM Power System S924 (9009-42A, 9009-42G)
IBM Power System H924 (9223-42H, 9223-42S)
IBM Power System E950 (9040-MR9)
IBM Power System E980 (9080-M9S)
IBM strongly recommends customers with the products below install FW1010.51(1010_163), FW1030.11(1030_052) or newer to remediate this vulnerability.
Power 10
IBM strongly recommends customers with the products below install FW1020.31(1020_102), FW1030.11(1030_058) or newer to remediate this vulnerability.
Power 10
IBM Power System S1022 (9105-22A)
IBM Power System S1024 (9105-42A)
IBM Power System S1022s (9105-22B)
IBM Power System S1014 (9105-41B)
IBM Power System L1022 (9786-22H)
IBM Power System L1024 (9786-42H)
IBM Power System E1050 (9043-MRX)
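The affected ranges and fixed levels above can be turned into an inventory check. The following is an added example, not IBM's code: it assumes firmware levels are recorded as `FW<release>.<service pack>` strings as written in the table, uses hypothetical platform labels `power9` and `power10`, does not compare the build suffix such as `(950_124)`, and runs over a constructed sample inventory.

```python
import re

# First fixed service pack per release, from the advisory's remediation text.
FIRST_FIXED = {"950": 71, "1010": 51, "1020": 31, "1030": 11}
# Releases the advisory associates with each platform (labels are assumptions).
PLATFORM_RELEASES = {"power9": {"950"}, "power10": {"1010", "1020", "1030"}}
LEVEL_RE = re.compile(r"^FW(\d{3,4})\.(\d{1,3})$", re.IGNORECASE)


def assess(platform, level):
    """Return (status, detail) for one server; status is one of
    'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    m = LEVEL_RE.match(level.strip())
    if not m:
        return ("unparsed", f"cannot parse firmware level {level!r}")
    release, sp = m.group(1), int(m.group(2))
    platform = platform.lower()
    if platform not in PLATFORM_RELEASES:
        return ("not-listed", f"platform {platform!r} is not in the advisory")
    if platform == "power9" and release != "950":
        # Advisory: only FW950 is supported on Power9, but every firmware
        # release on the listed Power9 products is vulnerable.
        return ("vulnerable", "unsupported Power9 release; install FW950.71 or newer")
    if release not in PLATFORM_RELEASES[platform]:
        return ("not-listed", f"FW{release} is not covered by the advisory table")
    fixed = FIRST_FIXED[release]
    if sp < fixed:
        return ("vulnerable", f"install FW{release}.{fixed} or newer")
    return ("fixed", f"at or above FW{release}.{fixed}")


def triage(inventory):
    """Map hostname -> assess() result for (hostname, platform, level) rows."""
    return {host: assess(platform, level) for host, platform, level in inventory}


# Constructed sample inventory (hostnames and levels are made up).
SAMPLE = [
    ("p9-prod-01", "power9", "FW950.70"),
    ("p9-prod-02", "power9", "FW950.71"),
    ("p9-legacy", "power9", "FW940.10"),
    ("p10-db-01", "power10", "FW1030.10"),
    ("p10-db-02", "power10", "FW1020.31"),
    ("p10-new", "power10", "FW1040.00"),
]

if __name__ == "__main__":
    for host, (status, detail) in triage(SAMPLE).items():
        print(f"{host:12} {status:11} {detail}")
```

A `not-listed` result means the release does not appear in the advisory's table, so it needs a manual check against the vendor bulletin rather than being treated as fixed.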
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | power9_system_firmware | any | cpe:2.3:o:ibm:power9_system_firmware:any:*:*:*:*:*:*:* |