IBM Support

Security Bulletin: PowerKVM has released updates in response to the vulnerabilities known as Spectre and Meltdown.

Created by Igets Administrator on
Published URL: https://www.ibm.com/support/pages/node/633911

Security Bulletin


Summary

PowerKVM may be affected by vulnerabilities in the Linux kernel. IBM has addressed these vulnerabilities and has released the following updates for PowerKVM in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.

Vulnerability Details

CVEID: CVE-2017-5753

CVEID: CVE-2017-5715

CVEID: CVE-2017-5754

Affected Products and Versions

Affected Product Name: PowerKVM

Affected Versions: 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.



For PowerKVM 2.1, IBM recommends upgrading to a fixed, supported version of the product.

Workarounds and Mitigations

Important notes:
- These patches provide security for the host, as well as enabling related patches on KVM guests. Users of KVM guests must ensure that guests are patched, shut down, then restarted on a patched host.
- A KVM guest "live migrated" from a patched host to an unpatched host is no longer protected.
- After testing the related host firmware update in the customer’s environment with this PowerKVM patch, and deciding to implement the patch, the customer should install both the firmware update and the PowerKVM patch to all host machines.
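
The three notes above can be checked against a guest inventory. The following is an added example, not IBM code; the host names, guest names, field names and timestamps are constructed, and `patched_at` is assumed to record when a host had both the firmware update and the PowerKVM patch active.

```python
from datetime import datetime

# Constructed inventory (hypothetical names, not from the bulletin).
# Value = when the host had both the firmware update and the PowerKVM
# patch active; None means the host is still unpatched.
HOSTS = {
    "kvmhost-a": datetime(2018, 1, 22, 9, 0),
    "kvmhost-b": datetime(2018, 1, 23, 14, 0),
    "kvmhost-c": None,
}

# guest_patched: the guest OS carries its own fixes.
# boot_host / cold_start: where and when the guest was last shut down and started.
# current_host: where it runs now (differs from boot_host after live migration).
GUESTS = [
    {"name": "web01", "guest_patched": True, "boot_host": "kvmhost-a",
     "cold_start": datetime(2018, 1, 22, 11, 0), "current_host": "kvmhost-a"},
    {"name": "db01", "guest_patched": True, "boot_host": "kvmhost-a",
     "cold_start": datetime(2018, 1, 20, 8, 0), "current_host": "kvmhost-a"},
    {"name": "app01", "guest_patched": True, "boot_host": "kvmhost-b",
     "cold_start": datetime(2018, 1, 24, 10, 0), "current_host": "kvmhost-c"},
    {"name": "batch01", "guest_patched": False, "boot_host": "kvmhost-c",
     "cold_start": datetime(2018, 1, 25, 10, 0), "current_host": "kvmhost-c"},
]

def findings(guest, hosts):
    """Return the reasons a guest is not protected (empty list = protected)."""
    reasons = []
    if not guest["guest_patched"]:
        reasons.append("guest not patched")
    # An unknown host is treated as unpatched.
    boot_patch = hosts.get(guest["boot_host"])
    if boot_patch is None or guest["cold_start"] < boot_patch:
        reasons.append("not shut down and restarted on a patched host")
    if hosts.get(guest["current_host"]) is None:
        reasons.append("currently running on an unpatched host")
    return reasons

def audit(guests, hosts):
    """Map each guest name to its list of findings."""
    return {g["name"]: findings(g, hosts) for g in guests}

if __name__ == "__main__":
    for name, reasons in audit(GUESTS, HOSTS).items():
        print(f"{name}: {'protected' if not reasons else '; '.join(reasons)}")
```

In this sample, `db01` is flagged because it has been running since before its host was patched, and `app01` because it was live migrated to an unpatched host.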

References

Change History

19 January 2018: Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 17 June 2018

UID: isg3T1026853