CVSS: 4.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0986 – IBM PowerVM Hypervisor data manipulation
https://notcve.org/view.php?id=CVE-2025-0986
28 Mar 2025 — IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration. • https://www.ibm.com/support/pages/node/7229349 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41781 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2024-41781
22 Nov 2024 — IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. La funcionalidad de IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1030.00 a F... • https://www.ibm.com/support/pages/node/7172698 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46183 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-46183
06 Feb 2024 — IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1020.00 a FW1020.40 y FW1030.00 a FW1030.30 podrían permitir a un administrador del sistema obtener información confidencial de la partición. ID de IBM X-Force: 269695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33851 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-33851
04 Feb 2024 — IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1020.00 a FW1020.40 y FW1030.00 a FW1030.30 podrían revelar datos de partición confidenciales a un administrador del sistema. ID de IBM X-Force: 257135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25683 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-25683
15 Jun 2023 — IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247592 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30440 – IBM PowerVM Hypervisor denial of service
https://notcve.org/view.php?id=CVE-2023-30440
23 May 2023 — IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253175 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
17 May 2023 — An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34331 – IBM Power FW security bypass
https://notcve.org/view.php?id=CVE-2022-34331
11 Nov 2022 — After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. Después de realizar una secuencia de operaciones de mantenimiento de Power FW950, FW1010, es posible que un adaptador de red SRIOV esté configurado incorrectamente, lo que provocará que se desactive la configuración VEPA deseada. ID de IBM X-Force: 229695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 • CWE-287: Improper Authentication •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22445
https://notcve.org/view.php?id=CVE-2022-22445
18 Jul 2022 — An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. Un atacante que obtenga acceso de servicio al FSP (sólo en POWER9) o que obtenga autoridad de administrador en una partición puede comprometer el firmware de la partición • https://exchange.xforce.ibmcloud.com/vulnerabilities/224546 •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38918
https://notcve.org/view.php?id=CVE-2021-38918
05 Jan 2022 — IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. IBM PowerVM Hypervisor FW860, FW940, FW950 y FW1010, mediante una secuencia específica de operaciones de administración de máquinas virtuales podría conllevar a una violación del aislamiento entre máquinas virtuales iguales. IBM X-Force ID: 210019. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210019 •