CVE-2018-1992: Buffer Overflow
First published: Thu Mar 21 2019(Updated: )
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Power System S922 \(9009-22a\) Firmware | <fw910.10 | |
| Ibm Power System S922 \(9009-22a\) | ||
| Ibm Power System H922 \(9223-22h\) Firmware | <fw910.10 | |
| Ibm Power System H922 \(9223-22h\) | ||
| Ibm Power System S914 \(9009-41a\) Firmware | <fw910.10 | |
| Ibm Power System S914 \(9009-41a\) | ||
| Ibm Power System S924 \(9009-42a\) Firmware | <fw910.10 | |
| Ibm Power System S924 \(9009-42a\) | ||
| Ibm Power System H924 \(9223-42h\) Firmware | <fw910.10 | |
| Ibm Power System H924 \(9223-42h\) | ||
| Ibm Power System L922 \(9008-22l\) Firmware | <fw910.10 | |
| Ibm Power System L922 \(9008-22l\) | ||
| Ibm Power System Ac922 \(8335-gtg\) Firmware | <op910.30 | |
| Ibm Power System Ac922 \(8335-gtg\) | ||
| Ibm Power System Ac922 \(8335-gth\) Firmware | <op920.10 | |
| Ibm Power System Ac922 \(8335-gth\) | ||
| Ibm Power System Ac922 \(8335-gtx\) Firmware | <op920.10 | |
| Ibm Power System Ac922 \(8335-gtx\) | ||
| Ibm Power System Lc921 \(9006-12p\) Firmware | <op920.10 | |
| Ibm Power System Lc921 \(9006-12p\) | ||
| Ibm Power System Lc922 \(9006-22p\) Firmware | <op920.10 | |
| Ibm Power System Lc922 \(9006-22p\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm power system s922 \(9009-22a\) firmware
- canonical/ibm power system s922 \(9009-22a\)
- canonical/ibm power system h922 \(9223-22h\) firmware
- canonical/ibm power system h922 \(9223-22h\)
- canonical/ibm power system s914 \(9009-41a\) firmware
- canonical/ibm power system s914 \(9009-41a\)
- canonical/ibm power system s924 \(9009-42a\) firmware
- canonical/ibm power system s924 \(9009-42a\)
- canonical/ibm power system h924 \(9223-42h\) firmware
- canonical/ibm power system h924 \(9223-42h\)
- canonical/ibm power system l922 \(9008-22l\) firmware
- canonical/ibm power system l922 \(9008-22l\)
- canonical/ibm power system ac922 \(8335-gtg\) firmware
- canonical/ibm power system ac922 \(8335-gtg\)
- canonical/ibm power system ac922 \(8335-gth\) firmware
- canonical/ibm power system ac922 \(8335-gth\)
- canonical/ibm power system ac922 \(8335-gtx\) firmware
- canonical/ibm power system ac922 \(8335-gtx\)
- canonical/ibm power system lc921 \(9006-12p\) firmware
- canonical/ibm power system lc921 \(9006-12p\)
- canonical/ibm power system lc922 \(9006-22p\) firmware
- canonical/ibm power system lc922 \(9006-22p\)