CVE-2023-30438

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/252706	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6993021	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:power_system_e950:-:::::::*
	cpe:2.3:h:ibm:power_system_e980:-:::::::*
	cpe:2.3:h:ibm:power_system_h922:-:::::::*
	cpe:2.3:h:ibm:power_system_h924:-:::::::*
	cpe:2.3:h:ibm:power_system_l922:-:::::::*
	cpe:2.3:h:ibm:power_system_s914:-:::::::*
	cpe:2.3:h:ibm:power_system_s922:-:::::::*
	cpe:2.3:h:ibm:power_system_s924:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:ibm:powervm_hypervisor::::::::
	cpe:2.3:o:ibm:powervm_hypervisor::::::::

cpe:2.3:h:ibm:power_system_e1080:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:ibm:powervm_hypervisor::::::::
	cpe:2.3:o:ibm:powervm_hypervisor::::::::

OR	cpe:2.3:h:ibm:power_system_e1050:-:::::::*
	cpe:2.3:h:ibm:power_system_l1022:-:::::::*
	cpe:2.3:h:ibm:power_system_l1024:-:::::::*
	cpe:2.3:h:ibm:power_system_s1014:-:::::::*
	cpe:2.3:h:ibm:power_system_s1022:-:::::::*
	cpe:2.3:h:ibm:power_system_s1022s:-:::::::*
	cpe:2.3:h:ibm:power_system_s1024:-:::::::*

History

25 May 2023, 19:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Ibm power System L922 Ibm power System E1080 Ibm Ibm power System S1022 Ibm power System S1014 Ibm power System L1022 Ibm power System S1024 Ibm power System S922 Ibm power System S914 Ibm power System E950 Ibm power System E980 Ibm power System E1050 Ibm power System H922 Ibm powervm Hypervisor Ibm power System S1022s Ibm power System H924 Ibm power System S924 Ibm power System L1024
References	~~(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 -~~	(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 - VDB Entry, Vendor Advisory
References	~~(MISC) https://www.ibm.com/support/pages/node/6993021 -~~	(MISC) https://www.ibm.com/support/pages/node/6993021 - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:h:ibm:power_system_s914:-:::::::* cpe:2.3:h:ibm:power_system_e1050:-:::::::* cpe:2.3:h:ibm:power_system_e950:-:::::::* cpe:2.3:h:ibm:power_system_s1022s:-:::::::* cpe:2.3:h:ibm:power_system_h922:-:::::::* cpe:2.3:h:ibm:power_system_e980:-:::::::* cpe:2.3:h:ibm:power_system_s1022:-:::::::* cpe:2.3:h:ibm:power_system_s924:-:::::::* cpe:2.3:h:ibm:power_system_s922:-:::::::* cpe:2.3:h:ibm:power_system_l1022:-:::::::* cpe:2.3:o:ibm:powervm_hypervisor:::::::: cpe:2.3:h:ibm:power_system_s1014:-:::::::* cpe:2.3:h:ibm:power_system_e1080:-:::::::* cpe:2.3:h:ibm:power_system_h924:-:::::::* cpe:2.3:h:ibm:power_system_l1024:-:::::::* cpe:2.3:h:ibm:power_system_l922:-:::::::* cpe:2.3:h:ibm:power_system_s1024:-:::::::*

17 May 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-17 13:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-30438

Mitre link : CVE-2023-30438

CVE.ORG link : CVE-2023-30438

JSON object : View

Products Affected

ibm

powervm_hypervisor
power_system_h924
power_system_l1022
power_system_e980
power_system_l1024
power_system_e1080
power_system_s924
power_system_e1050
power_system_s1014
power_system_s1022
power_system_s1022s
power_system_s922
power_system_h922
power_system_s1024
power_system_e950
power_system_s914
power_system_l922

CWE

NVD-CWE-noinfo

8.8 /10