CVE-2021-38918

CVE-2021-38918 – IBM PowerVM Hypervisor Affected products: IBM PowerVM Hypervisor firmware FW860, FW940, FW950, and FW1010 (Power 8/9/10 platforms listed in the IBM bulletin). What is vulnerable: A specific sequence of VM management operations from the management console (HMC, Novalink, or PowerV...

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

Code injection

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018...

Design/Logic Flaw

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

CVE-2021-38937

IBM PowerVM Hypervisor CVE-2021-38937 affects FW940, FW950, and FW1010. An authenticated user can trigger a specially crafted IBMi Hypervisor call to crash the system. Remediation is to upgrade to FW940.50(940_095), FW950.30(950_092), FW1010.01(1010_69) or newer. Affected Power VM Hypervisor vers...

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 are vulnerable to an access-control flaw that allows an attacker who gains service access to the FSP to read and write arbitrary host memory via crafted service procedures. Impact: high confidentiality and integrity, no availability impact. Affected ...

Security Bulletin: The PowerVM hypervisor can violate the isolation between peer VMs in certain scenarios

Summary A specific sequence of VM management operations from the management console HMC, Novalink, or PowerVC can lead to a violation of the isolation between peer VMs. Vulnerability Details CVEID: CVE-2021-38918 DESCRIPTION: IBM PowerVM Hypervisor through a specific sequence of VM management...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

Design/Logic Flaw

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor vulnerability CVE-2021-29795 allows a local user within a partition to issue a specially crafted sequence of hypervisor calls that can crash the system. Affected products are PowerVM Hypervisor FW860, FW930, FW940, and FW950 across Power8/Power9 platforms. Root cause: a mis...

Security Bulletin: The PowerVM hypervisor is vulnerable to a specially crafted sequence of hypervisor calls from a partition that can lead to a system crash

Summary An attacker that gains total control of a virtual machine running on the PowerVM hypervisor could issue a specially crafted sequence of hypervisor calls that will lead to a system crash and and an outage of all virtual machines running on the same system Vulnerability Details CVEID:...

CVE-2021-29765

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...

Design/Logic Flaw

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...

CVE-2021-29765

CVE-2021-29765 affects IBM PowerVM Hypervisor FW940 and FW950. If an attacker gains service access to the FSP, they can decrypt data in the Platform KeyStore, enabling disclosure of sensitive information. Remediation: apply FW940.30 (VL940_071) or FW950.10 (VL950_072) or above on listed Power Sys...

CVE-2021-29765

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...

Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP

Summary An attacker that gains service access to the FSP can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID: CVE-2021-29765 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if...

Security Bulletin: This Power System update is being released to address CVE 2021-20505

Summary POWER9: In response to a weakness in a set of PowerVM service procedures a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-20505. Vulnerability Details CVEID: CVE-2021-20505 DESCRIPTION: The PowerVM Logical Partition...

Security Bulletin: This Power System update is being released to address CVE-2021-20487

Summary Power9: A new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2021-20487. The Self Boot EngineSBE can be compromised from the service processor to allow injection of malicious code. An attacker that gains root access to the...