medium
6.9
CWE
119
Advisory Published
Updated

CVE-2018-1992: Buffer Overflow

First published: Thu Mar 21 2019(Updated: )

The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.

Credit: psirt@us.ibm.com

Affected SoftwareAffected VersionHow to fix
IBM Power system s922 (9009-22a) firmware<fw910.10
IBM Power system s922 (9009-22a)
IBM Power system h922 (9223-22h) firmware<fw910.10
IBM Power system h922 (9223-22h)
IBM Power System S914 (9009-41a) firmware<fw910.10
IBM Power System S914
IBM Power System S924 (9009-42a) firmware<fw910.10
IBM Power System S924 (9009-42A)
IBM Power system h924 (9223-42h) firmware<fw910.10
IBM Power System H924 (9223-42h)
IBM Power System L922 (9008-22L) Firmware<fw910.10
IBM Power System L922 (9008-22L)
IBM Power System AC922 (8335-GTG) Firmware<op910.30
IBM Power System AC922 (8335-GTG)
IBM Power System AC922 (8335-GTH) Firmware<op920.10
IBM Power System AC922 (8335-GTH)
IBM Power System AC922 (8335-GTX) Firmware<op920.10
IBM Power System AC922 (8335-GTX)
IBM Power system lc921 (9006-12p) firmware<op920.10
IBM Power System LC921 (9006-12P)
IBM Power System LC922 (9006-22P) Firmware<op920.10
IBM Power System LC922 (9006-22P)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2018-1992?

    The severity of CVE-2018-1992 is classified as critical due to its buffer overflow vulnerability in bootloader firmware.

  • How do I fix CVE-2018-1992?

    To fix CVE-2018-1992, update the affected IBM Power systems firmware to the latest version that addresses the vulnerability.

  • Which IBM Power systems are affected by CVE-2018-1992?

    CVE-2018-1992 affects several IBM Power systems including the S922, H922, S914, S924, H924, L922, and specific AC922 models.

  • What types of attacks could exploit CVE-2018-1992?

    Exploitation of CVE-2018-1992 could allow an attacker to execute arbitrary code and compromise the integrity of the system.

  • Is there a workaround for CVE-2018-1992 before applying the fix?

    Currently, there are no recommended workarounds for CVE-2018-1992, and applying the firmware update is the best course of action.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203