Tuesday, February 19, 2019

IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931

Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 Processors have a “Self Boot Engine” (SBE) that is used to initialize the processor before Primary Boot Firmware takes over the IPL. The SBE’s code is stored on two SBE Seeproms per processor. Code running as Host on a system has access to these SBE Seeproms prior to being write locked by host firmware and can theoretically corrupt the SBE code stored on them. Changes were made to negate this possible corruption.

CVE(s): CVE-2018-8931

Affected product(s) and affected version(s):
Firmware releases FW810, FW830, FW840, FW860 are affected – if in OPAL mode. P9 OpenPOWER release OP910 is affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140293

The post IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2EhhkM9

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.