IBM5ABBE843D5473F84701A149FDD2447740021751A1E090AA1971700BA2E2007E5Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2019-6155)
0.001 Low
EPSS
Percentile
41.0%
Summary
IBM has released the following Unified Extensible Firmware Interface (UEFI) fix for System x and BladeCenter systems in response to the following denial of service vulnerability.
Vulnerability Details
CVEID: CVE-2019-6155 DESCRIPTION: IBM System x and IBM BladeCenter systems are vulnerable to a denial of service, caused by a flaw in the SMI Handler. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159885> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Product
|
Affected Version
—|—
BladeCenter HS23E 8038/8039
|
ahe1
System x3630 M4 7158
System x3530 M4 7160
|
bee1
System x3650 M4 BD 5466
|
yoe1
Remediation/Fixes
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
Product
|
Fix Version
—|—
BladeCenter HS23E 8038/8039
(ibm_fw_uefi_ahe164c-3.00_anyos_32-64)
|
ahe164c-3.00
System x3630 M4 7158
System x3530 M4 7160
(ibm_fw_uefi_bee168c-3.20_anyos_32-64)
|
bee168c-3.20
System x3650 M4 BD 5466
(ibm_fw_uefi_yoe130c-2.40_anyos_32-64)
|
yoe130c-2.40
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| system x->microsoft datacenter | eq | any | |
| system x blades | eq | any |
Related
0.001 Low
EPSS
Percentile
41.0%