Skip to main content

Powervm Hypervisor CVE-2023-30440

HIGH
Improper Input Validation (CWE-20)
2023-05-23 psirt@us.ibm.com
7.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.9 HIGH
AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
CVE Published
May 23, 2023 - 14:15 nvd
HIGH 7.9

DescriptionNVD

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.

AnalysisAI

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. Affected products include: Ibm Powervm Hypervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-34331 CRITICAL
9.8 Nov 11

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly conf

CVE-2021-38917 CRITICAL
9.1 Dec 10

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and

CVE-2023-30438 HIGH
8.8 May 17

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privile

CVE-2023-25683 HIGH
7.5 Jun 15

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.0

CVE-2022-22445 MEDIUM
6.5 Jul 18

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise pa

CVE-2021-38937 MEDIUM
6.5 Dec 10

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a s

CVE-2025-36238 MEDIUM
6.0 Feb 02

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administr

CVE-2021-29795 MEDIUM
6.0 Sep 21

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of

CVE-2024-41781 MEDIUM
5.9 Nov 22

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00

CVE-2025-0986 MEDIUM
4.5 Mar 28

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certa

CVE-2021-20505 MEDIUM
4.4 Jul 29

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange

CVE-2025-36035 MEDIUM
6.7 Sep 14

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could all

Share

CVE-2023-30440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy