High Severity

Potential CPU Security Issue

Share this post:

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors.  IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously.

Patches will be made available for IBM systems via our normal customer portals. Further details concerning potentially impacted processors in the POWER family can be found here.  Per our business as usual process, all information for IBM Z clients can be found at the IBM Z Portal.

IBM Storage appliances are not impacted by this vulnerability.  For Storage, further details concerning this vulnerability can be found here.

Additional information will be provided through normal IBM communications channels, including IBM Security Bulletins. Please actively monitor both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action clients can take to protect themselves is to prevent execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines.

We will continue to update this blog to include additional information as appropriate.

More High Severity stories

IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-v

Apr 20, 2019 9:00 am EDT | High Severity

AT&T has released version 1801-v for the Vyatta 5600. Details of this release can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches CVE(s): CVE-2018-8905, CVE-2018-7456, CVE-2018-5784, CVE-2018-18557, CVE-2018-1710, CVE-2018-16335, CVE-2018-15209, CVE-2018-10963, CVE-2017-17095, CVE-2017-11613, CVE-2018-19788, CVE-2018-19628, CVE-2018-19627, CVE-2018-18226, CVE-2018-18225, CVE-2018-12086, CVE-2018-16866, CVE-2018-16865, CVE-2018-16864, CVE-2019-6250, CVE-2018-19967, CVE-2018-19965, CVE-2018-19962, CVE-2018-19961, CVE-2019-3462, CVE-2018-0737, CVE-2018-0735, CVE-2018-0734, CVE-2018-0732, CVE-2018-5407, CVE-2018-19966 Affected product(s) and affected version(s):VRA ...read more

IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901)

Apr 20, 2019 9:00 am EDT | Medium Severity

There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system. CVE(s): CVE-2018-1901 Affected product(s) and affected version(s):The Elastic Storage Server 5.3 thru The Elastic Storage Server 5.0.0 thru 5.2.5 The Elastic Storage Server 4.5.0 thru 4.6.0 ...read more

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547)

Apr 19, 2019 9:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. CVE(s): CVE-2018-3180, CVE-2018-12547 Affected product(s) and affected version(s): IBM Cognos TM1 10.2.2 Refer to the following reference URLs for remediation and ...read more