Medium Severity

IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931


Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 processors have a “Self Boot Engine” (SBE) that initializes the processor before Primary Boot Firmware takes over the IPL. The SBE’s code is stored on two SBE SEEPROMs per processor. Code running as Host on a system has access to these SBE SEEPROMs before host firmware write-locks them, and can theoretically corrupt the SBE code stored on them. Changes were made to negate this possible corruption.

CVE(s): CVE-2018-8931

Affected product(s) and affected version(s):
Firmware releases FW810, FW830, FW840 and FW860 are affected if in OPAL mode. P9 OpenPOWER release OP910 is affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140293
