18 matches found
EUVD-2022-54532
Malicious code in bioql PyPI...
CVE-2022-49703
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...
CVE-2022-49703
Conforms to Mode C. The CVE-2022-49703 issue affects the Linux kernel ibmvfc driver: the back pointer from a SCSI queue to the vhost adapter was not set during subcrq allocation, which could allow a stale backpointer to be dereferenced during IRQ handling. This could cause a kernel NULL pointer d...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: This Power System update is being released to address CVE-2022-4450
Summary This affects the BMC administrator function to upload HTTPS certificates. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioex function. ...
Security Bulletin: This Power System update is being released to address CVE-2023-33851
Summary A vulnerability was identifed where sensitive partition data may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-33851 DESCRIPTION: IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator. CVSS Base score: 5.3 CVSS Temporal Scor...
Security Bulletin: This Power System update is being released to address CVE-2023-25683
Summary The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC Vulnerability Details CVEID:CVE-2023-25683 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the...
Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2
Summary This update addresses multiple CVEs that impacts any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For more details about the security issues, including the...
Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.
Summary PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems an attacker that gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems an attacker that gains admin...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM
Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...
Security Bulletin: The PowerVM hypervisor can violate the isolation between peer VMs in certain scenarios
Summary A specific sequence of VM management operations from the management console HMC, Novalink, or PowerVC can lead to a violation of the isolation between peer VMs. Vulnerability Details CVEID: CVE-2021-38918 DESCRIPTION: IBM PowerVM Hypervisor through a specific sequence of VM management...
Security Bulletin: The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can lead to a system crash
Summary The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can lead to a system crash Vulnerability Details CVEID: CVE-2021-38937 DESCRIPTION: IBM PowerVM Hypervisor could allow an authenticated user to cause the system to crash using a specially crafted IBMi...
Security Bulletin: The PowerVM hypervisor can allow an attacker that gains service access to the FSP to read and write system memory
Summary On PowerVM systems an attacker that gains service access to the FSP can read and write system memory through a series of carefully crafted service procedures Vulnerability Details CVEID: CVE-2021-38917 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker that gains service access t...
Security Bulletin: The PowerVM hypervisor is vulnerable to a specially crafted sequence of hypervisor calls from a partition that can lead to a system crash
Summary An attacker that gains total control of a virtual machine running on the PowerVM hypervisor could issue a specially crafted sequence of hypervisor calls that will lead to a system crash and and an outage of all virtual machines running on the same system Vulnerability Details CVEID:...
RHEL 7 : Virtualization Manager (RHSA-2019:1046) (Spectre)
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: rhvm-setup-plugins security and bug fix update
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2018-1992
The IBM POWER9 boot firmware bootloader contains a buffer overflow in the initial boot image load path that could overwrite its own instruction memory and bypass secure boot protections, allowing trojan installation. Affected products/versions include FW910 boot firmware and OP910/OP920 OpenPOWER...