High Severity

Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.


PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems, an attacker who gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems, an attacker who gains admin authority to a partition can compromise partition firmware for that partition.

CVE(s): CVE-2022-22445

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
PowerVM Hypervisor | FW1010 and later
PowerVM Hypervisor | FW950 and later

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6604071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224546
