Security Bulletin: This Power System update is being released to address CVE 2023-30440

Summary A vulnerability was identified internally by IBM related to SRIOV virtual function support in PowerVM. An attacker with privileged user access to a logical partition that has an assigned SRIOV virtual function VF may be able to create a Denial of Service of the VF assigned to other logica...

CVE-2023-30440

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function VF to cause a denial of servic...

CVE-2021-38918

CVE-2021-38918 – IBM PowerVM Hypervisor Affected products: IBM PowerVM Hypervisor firmware FW860, FW940, FW950, and FW1010 (Power 8/9/10 platforms listed in the IBM bulletin). What is vulnerable: A specific sequence of VM management operations from the management console (HMC, Novalink, or PowerV...

Code injection

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018...

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 are vulnerable to an access-control flaw that allows an attacker who gains service access to the FSP to read and write arbitrary host memory via crafted service procedures. Impact: high confidentiality and integrity, no availability impact. Affected ...

Security Bulletin: The PowerVM hypervisor can violate the isolation between peer VMs in certain scenarios

Summary A specific sequence of VM management operations from the management console HMC, Novalink, or PowerVC can lead to a violation of the isolation between peer VMs. Vulnerability Details CVEID: CVE-2021-38918 DESCRIPTION: IBM PowerVM Hypervisor through a specific sequence of VM management...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

Design/Logic Flaw

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor vulnerability CVE-2021-29795 allows a local user within a partition to issue a specially crafted sequence of hypervisor calls that can crash the system. Affected products are PowerVM Hypervisor FW860, FW930, FW940, and FW950 across Power8/Power9 platforms. Root cause: a mis...

Security Bulletin: The PowerVM hypervisor is vulnerable to a specially crafted sequence of hypervisor calls from a partition that can lead to a system crash

Summary An attacker that gains total control of a virtual machine running on the PowerVM hypervisor could issue a specially crafted sequence of hypervisor calls that will lead to a system crash and and an outage of all virtual machines running on the same system Vulnerability Details CVEID:...