• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Update On Critical Security Vulnerability In PowerVM

    May 24, 2023 Timothy Prickett Morgan

    Earlier this week, we told you about a very serious security vulnerability in the PowerVM hypervisor when running on Power9 and Power10 systems. IBM found the vulnerability itself and immediately set about to patch the vulnerability, which it revealed on May 17 along with patches to firmware in systems that are managed by the Hardware Management Console, or HMC.

    What was not necessarily apparent was that there are plenty of Power Systems customers who do not have HMCs managing their systems and the logical partitions upon them, and this is particularly true of the IBM i installed base, which is dominated by smaller Power System machines with relatively few logical partitions that are set up through other means, such as the Virtual Partition Manager (PVM) that has been on the box for about a decade and a half.

    Doug Bidwell, our intrepid systems guru as well as the editor of the IBM i PTF Guide has been digging around and on May 22 Big Blue released documentation explaining how to patch standalone Power9 and Power10 servers so this PowerVM security hole is plugged, which you can read here. There are updates for firmware for Power9 standalone machines (designated by MH01951) and Power10 standalone machines (designated by MH01955 and MH01952). Interestingly, firmware patches were also made available for standalone Power8 systems (designated by MH01929 for everything but the high-end Power E870s and E880s (designated by SC860_245_165), but as far as we know Power8 and earlier systems are not affected by this PowerVM vulnerability. Go figure.

    As far as we know, this security vulnerability has not been exploited out there in the wild, but you have to patch your Power9 and Power10 systems if you have not because the very fact that IBM let people know there is a hole means that someone will eventually try to exploit it.

    You can see the PSIRT notice at this link and the Security Bulletin: This Power System firmware update is being released to address CVE 2023-30438 at this link. This has a CVSS base score of 9.3, which means it is critical.

    RELATED STORIES

    Critical Security Vulnerability In PowerVM Hypervisor

    PowerVM, vHMC, HMC, And Cloud Management Console Get Their Tweaks

    Critical Log4j Vulnerability Hits Everything, Including the IBM i Server

    Some Good Advice About Log4j Mitigation Gotchas

    IBM Winds Down PowerVM V2, Nudges Customers To PowerVM V3

    PowerVM: The i Hypervisor Is Not Hidden Anymore

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: Hardware Management Console, HMC, IBM i, IBM i PTF Guide, Power Systems, Power10, Power9, PowerVM

    Sponsored by
    Raz-Lee Security

    iSecurity Multi Factor Authentication (MFA) helps organizations meet compliance standards and improve the existing security environment on IBM i. It requires a user to verify his identity with two or more credentials.

    Key Features:

    • iSecurity provides Multi Factor Authentication as part of the user’s initial program
    • Works with every Authenticator App available in the Market.

    Contact us at https://www.razlee.com/isecurity-multi-factor-authentication/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Critical Security Vulnerability In PowerVM Hypervisor Four Hundred Monitor, May 24

    Leave a Reply Cancel reply

TFH Volume: 33 Issue: 32

This Issue Sponsored By

  • Maxava
  • ProData
  • PERFSCAN
  • DRV Technologies, Inc.
  • Raz-Lee Security

Table of Contents

  • Fortra Issues 20th State of IBM i Security Report
  • FNTS Launches Managed Services for Power Servers in IBM Cloud
  • Total LTO Shipped Capacity Up Slightly in 2022
  • Four Hundred Monitor, May 24
  • Update On Critical Security Vulnerability In PowerVM

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Power10 Boosts NVM-Express Flash Performance
  • Fortra Completes Postmortem Of GoAnywhere Vulnerability
  • Guru: Binding Directory Entries
  • How Does Your Infrastructure Spending Stack Up To The World?
  • IBM i PTF Guide, Volume 25, Number 22
  • Fortra Issues 20th State of IBM i Security Report
  • FNTS Launches Managed Services for Power Servers in IBM Cloud
  • Total LTO Shipped Capacity Up Slightly in 2022
  • Four Hundred Monitor, May 24
  • Update On Critical Security Vulnerability In PowerVM

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2023 IT Jungle