IBM Support

Security Bulletin: Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)

Created by Rajiv S on

Security Bulletin


Summary

Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)

Vulnerability Details

CVEID: CVE-2016-0797
DESCRIPTION:
OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Firmware Versions(840)
840.00: 01SV840_056_056, 01SC840_056_056
840.10: 01SV840_079_056, 01SC840_079_056
840.11: 01SV840_087_056, 01SC840_087_056

Firmware 840 Affected Products:

IBM Power System S822 (8284-22A)
IBM Power System S814 (8286-41A)
IBM Power System S824 (8286-42A)
IBM Power System S812L (8247-21L)
IBM Power System S822L (8247-22L)
IBM Power System S824L (8247-42L)
IBM Power System E850 (8408-E8E)
IBM Power System E870 (9119-MME)
IBM Power System E880 (9119-MHE)

Remediation/Fixes

Customers on Version 840(SV/SC), install 840.20: 01SV840_104_056 or higher, 01SC840_104_056 or higher

The fix can be obtained from FixCentral by specifying the Product as described in the Affected Products and Versions section and fix level as specified in this Remediation/Fixes section.

Get Notified about Future Security Bulletins

References

Off

Change History

Information for version 840 is added

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSDSQ3D","label":"Power System S824 Server (8286-42A)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"42A","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Product":{"code":"SUNSET","label":"PRODUCT REMOVED"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"22L","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSDSQ3D","label":"Power System S824 Server (8286-42A)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"41A","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Product":{"code":"SSGD7C","label":"Power System E880 Server (9119-MHE)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"MME","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Product":{"code":"SSGD7C","label":"Power System E880 Server (9119-MHE)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"MHE","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Product":{"code":"SUNSET","label":"PRODUCT REMOVED"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"21L","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SUNSET","label":"PRODUCT REMOVED"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"42L","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSZ53RS","label":"Power System E870 Server (9119-MME)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB57","label":"Power"}},{"Product":{"code":"SSCX7S","label":"Power System S814 Server (8286-41A)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
19 August 2022

UID

isg3T1023841