Security Bulletin: This Power System update is being released to address CVE 2022-22488
Summary POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-22488. Vulnerability Details CVEID:CVE-2022-22488 DESCRIPTION: IBM BMC could allow a privileged user ...
Security Bulletin: This Power System update is being released to address CVE 2021-29891
Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details CVEID:CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: This Power System update is being released to address CVE 2022-0778
Summary POWER9: In response to a security issue with network connections, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-0778. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of...
CVE-2022-22374
The BMC IBM Power 9 AC922 OP910, OP920, OP930, and OP940 may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442...
CVE-2022-22374
The CVE-2022-22374 entry concerns the BMC firmware on IBM Power System AC922 servers (OP910/OP920/OP930/OP940). The issue is a firmware downgrade attack that may affect the host’s ability to operate. Public details indicate no Power System firmware update is released specifically for this CVE; re...
Security Bulletin: This Power System update is being released to address CVE-2022-22374
Summary POWER9: In response to a security issue with firmware update, this security bulletin is being issued to address Common Vulnerabilities and Exposures issue number CVE 2022-22374. There is no Power System firmware update for this. Please follow the Remediation and Mitigation steps...
Security Bulletin: This Power System update is being released to address CVE 2021-38960
Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-38960 Vulnerability Details CVEID: CVE-2021-38960 DESCRIPTION: IBM OPENBMC could allow an...
Security Bulletin: This Power System update is being released to address CVE-2018-8931
Summary POWER8/POWER9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. Vulnerability Details CVEID: CVE-2018-8931 DESCRIPTION: The AMD Ryzen, Ryzen Pro, and Ryzen Mobil...
Security Bulletin: This Power System update is being released to address CVE 2021-3450 and CVE 2021-3449
Summary POWER9: In response to security issues with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE 2021-3450 and CVE 2021-3449. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a...
Security Bulletin: This Power System update is being released to address CVE 2020-25705
Summary POWER9: In response to security issues with BMC's UDP network service, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2020-25705. Vulnerability Details CVEID: CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remo...
Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords
Summary A flaw in the file permissions may expose IPMI user passwords. This may lead to privilege escalations. Vulnerability Details CVEID: CVE-2020-14156 DESCRIPTION: OpenBMC phosphor-host-ipmid could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to...