Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability

May 18, 2023

Rewterz Threat Advisory – CVE-2023-28076 – Dell CloudLink Vulnerability

May 18, 2023

Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability

Severity

High

Analysis Summary

CVE-2023-30438

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2023-25927

Affected Vendors

IBM

Affected Products

IBM PowerVM Hypervisor FW950.00
IBM PowerVM Hypervisor FW1010.00
IBM PowerVM Hypervisor FW1020.00
IBM PowerVM Hypervisor FW1030.10
IBM PowerVM Hypervisor FW950.70
IBM PowerVM Hypervisor FW1010.50
IBM PowerVM Hypervisor FW1020.30
IBM PowerVM Hypervisor FW1030.00

Remediation

Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information.

IBM Security Bulletin

Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability

Rewterz Threat Advisory – CVE-2023-28076 – Dell CloudLink Vulnerability

Rewterz Threat Advisory – CVE-2023-30438 – IBM PowerVM Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan