High Severity

Potential CPU Security Issue

Share this post:

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors.  IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously.

Patches will be made available for IBM systems via our normal customer portals. Further details concerning potentially impacted processors in the POWER family can be found here.  Per our business as usual process, all information for IBM Z clients can be found at the IBM Z Portal.

IBM Storage appliances are not impacted by this vulnerability.  For Storage, further details concerning this vulnerability can be found here.

Additional information will be provided through normal IBM communications channels, including IBM Security Bulletins. Please actively monitor both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action clients can take to protect themselves is to prevent execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines.

We will continue to update this blog to include additional information as appropriate.

More High Severity stories

IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

Jan 23, 2019 9:01 am EST | High Severity

Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. CVE(s): CVE-2018-0734, CVE-2018-0735, CVE-2018-5407, CVE-2018-12116, CVE-2018-12123, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122 Affected product(s) and affected version(s): Rational Application Developer 9.1 Rational ...read more


IBM Security Bulletin: IBM Security Identity Manager is affected by a vulnerability (CVE-2018-1959)

Jan 23, 2019 9:01 am EST | Medium Severity

IBM Security Identity Manager VA (ISIM VA) has addressed the following vulnerability due to hard-coded credentials. CVE(s): CVE-2018-1959 Affected product(s) and affected version(s): Product Version IBM Security Identity Manager VA 7.0.1 – 7.0.1.10 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10796380X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153633 ...read more


IBM Security Bulletin: Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755)

Jan 23, 2019 9:01 am EST | High Severity

Server Automation has addressed the following vulnerabilities against the REST module. CVE(s): CVE-2018-8039, CVE-2018-1683, CVE-2018-1755 Affected product(s) and affected version(s): Server Automation REST module, Version 9.5.49 or older. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10743011X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145455X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148597 ...read more