Feb 19, 2019 9:00 am EDT
Categorized: Medium Severity
Share this post:
Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 Processors have a “Self Boot Engine” (SBE) that is used to initialize the processor before Primary Boot Firmware takes over the IPL. The SBE’s code is stored on two SBE Seeproms per processor. Code running as Host on a system has access to these SBE Seeproms prior to being write locked by host firmware and can theoretically corrupt the SBE code stored on them. Changes were made to negate this possible corruption.
Affected product(s) and affected version(s):
Firmware releases FW810, FW830, FW840, FW860 are affected – if in OPAL mode. P9 OpenPOWER release OP910 is affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140293