Jun 18, 2018 - 1:41 a.m.

Security Bulletin: PowerKVM has released updates in response to the vulnerabilities known as Spectre and Meltdown.

2018-06-18 01:41:07
www.ibm.com

EPSS: 0.976 (High), percentile 100.0%

Summary

PowerKVM may be affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. IBM has released the following updates for PowerKVM in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.

Vulnerability Details

CVEID: CVE-2017-5753

CVEID: CVE-2017-5715

CVEID: CVE-2017-5754

Affected Products and Versions

Affected Product Name | Affected Versions
---|---
PowerKVM | 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.

For PowerKVM 2.1, IBM recommends upgrading to a fixed, supported version of the product.

Workarounds and Mitigations

Important notes:
- These patches provide security for the host, as well as enabling related patches on KVM guests. Users of KVM guests must ensure that guests are patched, shut down, then restarted on a patched host.
- A KVM guest “live migrated” from a patched host to an unpatched host is no longer protected.
- After testing the related host firmware update in the customer’s environment with this PowerKVM patch, and deciding to implement the patch, the customer should install both the firmware update and the PowerKVM patch to all host machines.

CPE

Name | Operator | Version
---|---|---
powerkvm | eq | 3.1