critical
9.3
Advisory Published
Updated

CVE-2023-30438: IBM PowerVM gain access

First published: Wed May 17 2023(Updated: )

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.

Credit: psirt@us.ibm.com

Affected SoftwareAffected VersionHow to fix
IBM PowerVM Hypervisor>=fw950<fw950.71
Ibm Power System E950
Ibm Power System E980
Ibm Power System H922
Ibm Power System H924
Ibm Power System L922
Ibm Power System S914
Ibm Power System S922
Ibm Power System S924
IBM PowerVM Hypervisor>=fw1010.00<fw1010.51
IBM PowerVM Hypervisor>=fw1030.00<fw1030.11
Ibm Power System E1080
IBM PowerVM Hypervisor>=fw1020.00<fw1020.31
Ibm Power System E1050
Ibm Power System L1022
Ibm Power System L1024
Ibm Power System S1014
Ibm Power System S1022
Ibm Power System S1022s
Ibm Power System S1024

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203