CVE-2023-30438: IBM PowerVM gain access
First published: Wed May 17 2023(Updated: )
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM PowerVM Hypervisor Firmware | >=fw950<fw950.71 | |
| IBM Power System e950 | ||
| IBM Power System e980 | ||
| IBM Power System H922 (9223-22H) | ||
| IBM Power System H924 (9223-42s) | ||
| IBM Power System L922 (9008-22l) | ||
| IBM Power System S914 | ||
| IBM POWER Systems S922 Firmware | ||
| IBM Power System S924 (9009-42A) | ||
| IBM PowerVM Hypervisor Firmware | >=fw1010.00<fw1010.51 | |
| IBM PowerVM Hypervisor Firmware | >=fw1030.00<fw1030.11 | |
| IBM Power System e1080 | ||
| IBM PowerVM Hypervisor Firmware | >=fw1020.00<fw1020.31 | |
| IBM Power Systems E1050 | ||
| IBM Power System L1022 | ||
| IBM Power System L1024 | ||
| IBM Power System S1014 | ||
| IBM Power System S1022 | ||
| IBM Power System S1022 | ||
| IBM Power System S1024 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-30438?
CVE-2023-30438 is considered to be of high severity due to its potential to allow data leakage between logical partitions.
How do I fix CVE-2023-30438?
To fix CVE-2023-30438, apply the latest firmware updates for the IBM PowerVM Hypervisor.
Which systems are affected by CVE-2023-30438?
CVE-2023-30438 affects IBM Power9 and Power10 systems running specific versions of the PowerVM Hypervisor.
Can attackers exploit CVE-2023-30438 remotely?
No, attackers need privileged user access to a logical partition for exploiting CVE-2023-30438.
What are the potential impacts of CVE-2023-30438?
The potential impacts of CVE-2023-30438 include data leakage and compromised isolation between logical partitions.
- agent/references
- agent/type
- agent/title
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm powervm hypervisor firmware
- version/ibm powervm hypervisor firmware/fw950
- canonical/ibm power system e950
- canonical/ibm power system e980
- canonical/ibm power system h922 (9223-22h)
- canonical/ibm power system h924 (9223-42s)
- canonical/ibm power system l922 (9008-22l)
- canonical/ibm power system s914
- canonical/ibm power systems s922 firmware
- canonical/ibm power system s924 (9009-42a)
- version/ibm powervm hypervisor firmware/fw1010.00
- version/ibm powervm hypervisor firmware/fw1030.00
- canonical/ibm power system e1080
- version/ibm powervm hypervisor firmware/fw1020.00
- canonical/ibm power systems e1050
- canonical/ibm power system l1022
- canonical/ibm power system l1024
- canonical/ibm power system s1014
- canonical/ibm power system s1022
- canonical/ibm power system s1024