EUVD-2021-16321
Malware in sbrugna...
Security Bulletin: This Power System update is being released to address CVE-2024-41007
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-41007, by upgrading PowerVM and thus addressing the exposure ...
Security Bulletin: This Power System update is being released to address CVE 2022-2809
Summary POWER10: In response to a security issue with the BMC HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-2809. Vulnerability Details CVEID:CVE-2022-2809 DESCRIPTION: In IBM OPENBMC, when using a...
Security Bulletin: This Power System update is being released to address CVE 2022-22488
Summary POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-22488. Vulnerability Details CVEID:CVE-2022-22488 DESCRIPTION: IBM BMC could allow a privileged user ...
Security Bulletin: This Power System update is being released to address CVE-2024-26665
Summary When the BMC is configured to use IPv6, it is vulnerable to an attacker per CVE-2024-26665. Vulnerability Details CVEID:CVE-2024-26665 DESCRIPTION: Linux Kernel is vulnerable to a denial of service caused by out-of-bounds access when building IPv6 PMTU. By sending a specially crafted...
Security Bulletin: This Power System update is being released to address CVE-2022-0480 and CVE-2023-6531
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-0480 an...
Security Bulletin: This Power System update is being released to address CVE-2023-1206
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure t...
Security Bulletin: This Power System update is being released to address CVE-2024-31916
Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details CVEID:CVE-2024-31916 DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: This Power System update is being released to address CVE-2021-3505
Summary A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...
Security Bulletin: This Power System update is being released to address CVE-2023-46183
Summary A vulnerability was identified where sensitive partition data controlled by PowerVM may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-46183 DESCRIPTION: IBM PowerVM Hypervisor could allow a system administrator to obtain sensitive partition information. CVSS...
Security Bulletin: This Power System update is being released to address CVE-2023-33851
Summary A vulnerability was identified where sensitive partition data may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-33851 DESCRIPTION: IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator. CVSS Base score: 5.3 CVSS Temporal Scor...
Security Bulletin: This Power System update is being released to address CVE-2022-4304 CVE-2022-4450 CVE-2023-0215, and CVE-2023-0286
Summary The OpenSSL library is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, and CVE-2023-0286, b...
Security Bulletin: This Power System update is being released to address CVE 2023-30440
Summary A vulnerability was identified internally by IBM related to SRIOV virtual function support in PowerVM. An attacker with privileged user access to a logical partition that has an assigned SRIOV virtual function VF may be able to create a Denial of Service of the VF assigned to other logica...
Security Bulletin: This Power System update is being released to address CVE 2021-45486
Summary A security problem was fixed for the Virtualization Management Interface VMI for vulnerability CVE-2021-45486 that could allow a remote attacker to reveal sensitive information. Vulnerability Details CVEID:CVE-2021-45486 DESCRIPTION: Linux Kernel could allow a local attacker to obtain...
Security Bulletin: Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)
Summary Power Systems Firmware affected by vulnerability in OpenSSL CVE-2016-0797 Vulnerability Details CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn function. An attacker could exploit this...
Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.
Summary PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems an attacker that gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems an attacker that gains admin...
IBM Power System Security Vulnerability
The IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in the IBM Power System, which arises from a pre-production kernel package that can be bootstrapped by grub in Secure Boot Mode. These kernel builds do not have the Secur...
IBM Power System Access Control Error Vulnerability
The IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in the IBM Power System that originates from the FSP being susceptible to unauthenticated logins via the serial port/TTY interface. The following products and versions ar...
Security Bulletin: This Power System update is being released to address CVE 2021-29847
Summary POWER8: In response to a security issue with BMC's configuration, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2019-29847. Vulnerability Details CVEID:CVE-2021-29847 DESCRIPTION: BMC firmware configuration changed to...