CVE-2023-30440

Summary

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.

Affected Software

VendorProductVersion RangeStatus
IBMPowerVM HypervisorFW860.00 <= FW860.B3affected
IBMPowerVM HypervisorFW950.00 <= FW950.70affected
IBMPowerVM HypervisorFW1010.00 <= FW1010.50affected
IBMPowerVM HypervisorFW1020.00 <= FW1020.30affected
IBMPowerVM HypervisorFW1030.00 <= FW1030.10affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References