PowerKVM is affected by a vulnerability in bluez. IBM has now addressed this vulnerability.
CVEID: CVE-2017-1000250**
DESCRIPTION:** BlueZ could allow a remote attacker to obtain sensitive information, caused by an error in the SDP server. By sending SDP request packets, an attacker could exploit this vulnerability from the bluetoothd process memory.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131859 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
PowerKVM 3.1
Customers can update PowerKVM systems by using “yum update”.
Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 11.
none