273 matches found
Security Bulletin: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients (CVE-2024-47535) affects IBM PowerVM Novalink.
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients is used by IBM PowerVM Novalink. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on...
Security Bulletin: Vulnerabilities in Java SE (component: Hotspot: CVE-2024-10917, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208) affect IBM PowerVM Novalink.
Summary Java SE component: Hotspot is used by IBM PowerVM Novalink. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete...
CVE-2025-0986
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...
CVE-2025-0986
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...
CVE-2025-0986
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...
CVE-2025-0986 IBM PowerVM Hypervisor data manipulation
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...
CVE-2025-0986 IBM PowerVM Hypervisor data manipulation
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration...
CVE-2025-0986
CVE-2025-0986 affects IBM PowerVM Hypervisor FW1050.00–FW1050.30 and FW1060.00–FW1060.20. A local user, under certain Linux processor-compatibility mode configurations, can cause undetected data loss or errors when gzip is accelerated by hardware. IBM’s bulletin notes this is mitigated by upgradi...
IBM PowerVM Hypervisor 安全漏洞
IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...
PT-2025-13521 · Ibm · Ibm Powervm Hypervisor
Name of the Vulnerable Software and Affected Versions: IBM PowerVM Hypervisor versions FW1050.00 through FW1050.30 IBM PowerVM Hypervisor versions FW1060.00 through FW1060.20 Description: The issue allows a local user, under certain Linux processor compatibility mode configurations, to cause...
Security Bulletin: This Power System update is being released to address CVE-2025-0986
Summary A Linux partition in Power10 processor compatibility mode can cause undetected data loss or error when performing gzip compression using hardware acceleration during a specific hardware state window. Vulnerability Details CVEID:CVE-2025-0986 DESCRIPTION: IBM PowerVM could allow a local...
Security Bulletin: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service (CVE-2022-35643)
Summary A vulnerability in IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service CVE-2022-35643. Vulnerability Details CVEID:CVE-2022-35643 DESCRIPTION: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or...
Security Bulletin: This Power System update is being released to address CVE-2024-41781
Summary An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID:CVE-2024-41781 DESCRIPTION: IBM PowerVM Platform KeyStore functionality can be compromised if an attacker gain...
Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.(CVE-2024-21147)
Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...
Security Bulletin: This Power System update is being released to address CVE-2024-41007
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-41007, by upgrading PowerVM and thus addressing the exposure ...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. (CVE-2024-7254)
Summary IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with...
Security Bulletin: IBM PowerVM Novalink is vulnerable because GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields. (CVE-2024-40094)
Summary IBM PowerVM Novalink is vulnerable because GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service. By using introspection queries, a remote attacker could exploi...
Security Bulletin: This Power System update is being released to address CVE-2022-0480 and CVE-2023-6531
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-0480 an...
CVE-2024-41781
IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...
CVE-2024-41781
IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...