IBM has released the following Unified Extensible Firmware Interface (UEFI) fix for System x and BladeCenter systems in response to the following denial of service vulnerability.
CVEID: CVE-2019-6155 DESCRIPTION: IBM System x and IBM BladeCenter systems are vulnerable to a denial of service, caused by a flaw in the SMI Handler. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159885> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Product
|
Affected Version
—|—
BladeCenter HS23E 8038/8039
|
ahe1
System x3630 M4 7158
System x3530 M4 7160
|
bee1
System x3650 M4 BD 5466
|
yoe1
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
Product
|
Fix Version
—|—
BladeCenter HS23E 8038/8039
(ibm_fw_uefi_ahe164c-3.00_anyos_32-64)
|
ahe164c-3.00
System x3630 M4 7158
System x3530 M4 7160
(ibm_fw_uefi_bee168c-3.20_anyos_32-64)
|
bee168c-3.20
System x3650 M4 BD 5466
(ibm_fw_uefi_yoe130c-2.40_anyos_32-64)
|
yoe130c-2.40
None
CPE | Name | Operator | Version |
---|---|---|---|
system x->microsoft datacenter | eq | any | |
system x blades | eq | any |