Security Bulletin
Summary
PowerKVM may be affected by vulnerabilities in the Linux kernel. IBM has addressed these vulnerabilities and released the following updates for PowerKVM in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.
Affected Products and Versions
| Affected Product Name | Affected Versions |
| --- | --- |
| PowerKVM | 3.1 |
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.
For PowerKVM 2.1, IBM recommends upgrading to a fixed, supported version of the product.
Workarounds and Mitigations
Important notes:
- These patches provide security for the host, as well as enabling related patches on KVM guests. Users of KVM guests must ensure that guests are patched, shut down, then restarted on a patched host.
- A KVM guest "live migrated" from a patched host to an unpatched host is no longer protected.
- After testing the related host firmware update with this PowerKVM patch in the customer’s environment and deciding to implement the patch, the customer should install both the firmware update and the PowerKVM patch on all host machines.
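A post-update check for the notes above, added here as an example and not part of IBM's bulletin: it reports what the running kernel says about each of the three CVEs. It assumes the kernel exposes the standard Linux sysfs directory /sys/devices/system/cpu/vulnerabilities, which the bulletin does not mention; the function name check_cpu_vulns is hypothetical.

```shell
#!/bin/sh
# Added example (not from the bulletin): report kernel-exposed mitigation
# status for CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.
# Assumption: the running kernel provides the sysfs "vulnerabilities"
# directory (mainline Linux 4.15+ and many vendor backports).

# check_cpu_vulns [DIR]
#   Prints one line per CVE. Returns 0 only if every entry is readable
#   and none of them begins with "Vulnerable"; returns 1 otherwise.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "CVE-2017-5753:spectre_v1" \
                "CVE-2017-5715:spectre_v2" \
                "CVE-2017-5754:meltdown"; do
        cve="${pair%%:*}"     # text before the colon
        file="${pair##*:}"    # sysfs file name after the colon
        if [ ! -r "$dir/$file" ]; then
            # Kernel predates the sysfs interface, or the file is unreadable:
            # treat as unverified rather than as safe.
            echo "$cve ($file): UNKNOWN - $dir/$file not readable"
            rc=1
            continue
        fi
        status="$(cat "$dir/$file")"
        case "$status" in
            Vulnerable*)
                echo "$cve ($file): NOT MITIGATED - $status"
                rc=1
                ;;
            *)
                # "Not affected" or "Mitigation: ..." as reported by the kernel
                echo "$cve ($file): $status"
                ;;
        esac
    done
    return "$rc"
}
```

Run check_cpu_vulns on each host after the update, and inside each guest once it has been patched, shut down and restarted on a patched host.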
References
Change History
19 January 2018 - Initial Version
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 17 June 2018
UID: isg3T1026853