Input validation error in PowerVM Hypervisor - CVE-2023-30438

 

Input validation error in PowerVM Hypervisor - CVE-2023-30438

Published: June 20, 2023


Vulnerability identifier: #VU77543
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-30438
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
PowerVM Hypervisor

Detailed vulnerability description

The vulnerability allows a local user to obtain sensitive information or execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user with access to a logical partition can perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.


How to mitigate CVE-2023-30438

Install updates from vendor's website.

Sources