Medium Severity

IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931

Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 processors have a “Self Boot Engine” (SBE) that initializes the processor before Primary Boot Firmware takes over the IPL. The SBE’s code is stored on two SBE SEEPROMs per processor. Code running as Host on a system has access to these SBE SEEPROMs before host firmware write-locks them, and can theoretically corrupt the SBE code stored on them. Changes were made to negate this possible corruption.

CVE(s): CVE-2018-8931

Affected product(s) and affected version(s):
Firmware releases FW810, FW830, FW840 and FW860 are affected if the system is in OPAL mode. P9 OpenPOWER release OP910 is affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140293
