Power8/Power9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. The P8 and P9 Processors have a “Self Boot Engine” (SBE) that is used to initialize the processor before Primary Boot Firmware takes over the IPL. The SBE’s code is stored on two SBE Seeproms per processor. Code running as Host on a system has access to these SBE Seeproms prior to being write locked by host firmware and can theoretically corrupt the SBE code stored on them. Changes were made to negate this possible corruption.
CVE(s): CVE-2018-8931
Affected product(s) and affected version(s):
Firmware releases FW810, FW830, FW840, FW860 are affected – if in OPAL mode. P9 OpenPOWER release OP910 is affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140293
The post IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ibm.co/2EhhkM9
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.