POWER8/POWER9: In response to a potential issue with validation checking of IBM firmware, a new firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-13787.
CVEID: ****CVE-2018-13787
DESCRIPTION: Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146119> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
The firmware update can be obtained from _ FixCentral_ by specifying the Product and fix level as specified in this Remediation section.
P9 OpenPower release OP910 is affected
P8 OpenPower OP815 and OP825 are affected.
Customers with the product below running OP910, install OP910.30
Customers with the product below running OP910, install OP910.31
IBM Power System AC922 (8335-GTC)
IBM Power System AC922 (8335-GTW)
Customer with the products below running OP815 or OP825, install OP825.30 - v3.07_hmc
Customer with the products below running OP825, install OP825.30 - v3.07
IBM Power System S821LC (8001-12C)
IBM Power System S822LC (8001-22C)
Customer with the products below running OP825, install OP825.41 -v3.09
IBM Power Hyperconverged Systems with Nutanix CS821(8005-12N)
IBM Power Hyperconverged Systems with Nutanix CS822 (8005-22N)