CVE-2023-46183

IBM PowerVM Hypervisor vulnerability CVE-2023-46183 discloses sensitive partition information to a sysadmin via the Hypervisor in affected firmware. Affected products and versions: FW950.00–FW950.90, FW1020.00–FW1020.40, and FW1030.00–FW1030.30. Root cause: information disclosure within PowerVM H...

CVE-2023-25683 IBM PowerVM Hypervisor information disclosure

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...

Security Bulletin: This Power System update is being released to address CVE 2023-30440

Summary A vulnerability was identified internally by IBM related to SRIOV virtual function support in PowerVM. An attacker with privileged user access to a logical partition that has an assigned SRIOV virtual function VF may be able to create a Denial of Service of the VF assigned to other logica...

CVE-2023-30440

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function VF to cause a denial of servic...

CVE-2022-34331

CVE-2022-34331 affects IBM PowerVM Hypervisor (FW950 through FW1010) where a sequence of maintenance operations on SRIOV NICs can misconfigure the adapter and disable the intended VEPA configuration. The IBM/Power9+ PowerVM firmware updates listed as remediation are FW950.50 (950_105), FW1010.40 ...

CVE-2021-38918

CVE-2021-38918 – IBM PowerVM Hypervisor Affected products: IBM PowerVM Hypervisor firmware FW860, FW940, FW950, and FW1010 (Power 8/9/10 platforms listed in the IBM bulletin). What is vulnerable: A specific sequence of VM management operations from the management console (HMC, Novalink, or PowerV...

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

Code injection

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018...

Design/Logic Flaw

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894...

CVE-2021-38937

IBM PowerVM Hypervisor CVE-2021-38937 affects FW940, FW950, and FW1010. An authenticated user can trigger a specially crafted IBMi Hypervisor call to crash the system. Remediation is to upgrade to FW940.50(940_095), FW950.30(950_092), FW1010.01(1010_69) or newer. Affected Power VM Hypervisor vers...

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 are vulnerable to an access-control flaw that allows an attacker who gains service access to the FSP to read and write arbitrary host memory via crafted service procedures. Impact: high confidentiality and integrity, no availability impact. Affected ...

Security Bulletin: The PowerVM hypervisor can violate the isolation between peer VMs in certain scenarios

Summary A specific sequence of VM management operations from the management console HMC, Novalink, or PowerVC can lead to a violation of the isolation between peer VMs. Vulnerability Details CVEID: CVE-2021-38918 DESCRIPTION: IBM PowerVM Hypervisor through a specific sequence of VM management...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

Design/Logic Flaw

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor vulnerability CVE-2021-29795 allows a local user within a partition to issue a specially crafted sequence of hypervisor calls that can crash the system. Affected products are PowerVM Hypervisor FW860, FW930, FW940, and FW950 across Power8/Power9 platforms. Root cause: a mis...

Security Bulletin: The PowerVM hypervisor is vulnerable to a specially crafted sequence of hypervisor calls from a partition that can lead to a system crash

Summary An attacker that gains total control of a virtual machine running on the PowerVM hypervisor could issue a specially crafted sequence of hypervisor calls that will lead to a system crash and and an outage of all virtual machines running on the same system Vulnerability Details CVEID:...

CVE-2021-29765

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...

Design/Logic Flaw

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...