IBMC99BDF8A6A2C5DEFD71F9C9951338D3DD960F6A25F0F02FF98E74B5BE426EC90Security Bulletin: The PowerVM hypervisor can allow an attacker that gains service access to the FSP to read and write system memory
EPSS
Percentile
44.1%
Summary
On PowerVM systems an attacker that gains service access to the FSP can read and write system memory through a series of carefully crafted service procedures
Vulnerability Details
CVEID:CVE-2021-38917
**DESCRIPTION:**IBM PowerVM Hypervisor could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210018 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PowerVM Hypervisor | FW860 |
| PowerVM Hypervisor | FW940 |
| PowerVM Hypervisor | FW950 |
Remediation/Fixes
Customers with the products below should install FW860.A2(860_236), FW940.50(940_095), FW950.30(950_092) or newer to remediate this concern.
Power 8
-
IBM Power System S812 (8284-21A)
-
IBM Power System S822 (8284-22A)
-
IBM Power System S814 (8286-41A)
-
IBM Power System S824 (8286-42A)
-
IBM Power System E850 (8408-E8E)
-
IBM Power System E850C (8408-44E)
-
IBM Power System E870 (9119-MME)
-
IBM Power System E880 (9119-MHE)
-
IBM Power System E870C (9080-MME)
-
IBM Power System E880C (9080-MHE)
Power 9
-
IBM Power System S922 (9009-22A, 9009-22G)
-
IBM Power System H922 (9223-22H, 9223-22S)
-
IBM Power System S914 (9009-41A, 9009-41G)
-
IBM Power System S924 (9009-42A, 9009-42G)
-
IBM Power System H924 (9223-42H, 9223-42S)
-
IBM Power System E950 (9040-MR9)
-
IBM Power System E980 (9080-M98, 9080-M9S)
Workarounds and Mitigations
None
Related
EPSS
Percentile
44.1%