Input validation error in PowerVM Hypervisor - CVE-2023-30438

 


Published: June 20, 2023


Vulnerability identifier: #VU77543
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-30438
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: PowerVM Hypervisor
Software vendor: IBM Corporation

Description

The vulnerability allows a local user to obtain sensitive information or execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user with access to a logical partition can perform an undetected violation of the isolation between logical partitions, which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.


Remediation

Install updates from the vendor's website.
