Rewterz Threat Alert – A Threat from the Shadows of LokiLocker, BlackBit Ransomware Being Distributed In Korea – Active IOCs
May 17, 2023Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability
May 18, 2023Rewterz Threat Alert – A Threat from the Shadows of LokiLocker, BlackBit Ransomware Being Distributed In Korea – Active IOCs
May 17, 2023Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability
May 18, 2023Severity
High
Analysis Summary
CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-25927
Affected Vendors
IBM
Affected Products
- IBM PowerVM Hypervisor FW950.00
- IBM PowerVM Hypervisor FW1010.00
- IBM PowerVM Hypervisor FW1020.00
- IBM PowerVM Hypervisor FW1030.10
- IBM PowerVM Hypervisor FW950.70
- IBM PowerVM Hypervisor FW1010.50
- IBM PowerVM Hypervisor FW1020.30
- IBM PowerVM Hypervisor FW1030.00
Remediation
Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information.