High Severity

Potential CPU Security Issue

Share this post:

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors.  IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously.

Patches will be made available for IBM systems via our normal customer portals. Further details concerning potentially impacted processors in the POWER family can be found here.  Per our business as usual process, all information for IBM Z clients can be found at the IBM Z Portal.

IBM Storage appliances are not impacted by this vulnerability.  For Storage, further details concerning this vulnerability can be found here.

Additional information will be provided through normal IBM communications channels, including IBM Security Bulletins. Please actively monitor both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action clients can take to protect themselves is to prevent execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines.

We will continue to update this blog to include additional information as appropriate.

More High Severity stories

IBM Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536

Aug 24, 2019 9:01 am EDT | Medium Severity

IBM Db2 Mirror for i configurations may be subject to this security vulnerability. A PTF for IBM i 7.4 and remediation steps are available. CVE(s): CVE-2019-4536 Affected product(s) and affected version(s):IBM i 7.4 with Db2 Mirror for i might be affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm11071586X-Force ...read more


IBM Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resouce redirect for bad API path CVE-2019-4132

Aug 24, 2019 9:00 am EDT | Medium Severity

IBM Cloud Automation Manager will redirect when a bad API path is requested rather than issuing a 404. User may expect an error but be redirected to a home page instead. CVE(s): CVE-2019-4132 Affected product(s) and affected version(s):IBM Cloud Automation Manager 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more


IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter (CVE-2019-12735)

Aug 23, 2019 9:01 am EDT | High Severity

There is a security vulnerability that affects Red Hat Linux used by IBM WebSphere Application Server in the IBM Cloud. CVE(s): CVE-2019-12735 Affected product(s) and affected version(s): These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter: 2.0 3.0 Refer to the following reference URLs for ...read more