CVE-2023-30438
CVE-2023-30438 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions, which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | PowerVM Hypervisor | >= fw950, < fw950.71 |
| IBM | PowerVM Hypervisor | >= fw1010.00, < fw1010.51 |
| IBM | PowerVM Hypervisor | >= fw1030.00, < fw1030.11 |
| IBM | PowerVM Hypervisor | >= fw1020.00, < fw1020.31 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6993021 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
