IBMA2C64BDF0D46F1E4E4A5C9D27C0AEC9D0B45148B04252F7704C5DC3BC9BE0DBFSecurity Bulletin: The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can lead to a system crash
EPSS
Percentile
32.8%
Summary
The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can lead to a system crash
Vulnerability Details
CVEID:CVE-2021-38937
**DESCRIPTION:**IBM PowerVM Hypervisor could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210894 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PowerVM Hypervisor | FW1010 |
| PowerVM Hypervisor | FW940 |
| PowerVM Hypervisor | FW950 |
Remediation/Fixes
Customers with the products below should install FW940.50(940_095), FW950.30(950_092), FW1010.01(1010_69) or newer to remediate this concern.
Power 9
-
IBM Power System S922 (9009-22A, 9009-22G)
-
IBM Power System H922 (9223-22H, 9223-22S)
-
IBM Power System S914 (9009-41A, 9009-41G)
-
IBM Power System S924 (9009-42A, 9009-42G)
-
IBM Power System H924 (9223-42H, 9223-42S)
-
IBM Power System E950 (9040-MR9)
-
IBM Power System E980 (9080-M98, 9080-M9S)
Power 10
- IBM Power System E1080 (9080-HEX)
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.8%