IBMDDE01569C3FC9660FFEA0E506A844A122F48A30C871153FC6C44AB443DE5C5B8Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP
EPSS
Percentile
43.8%
Summary
An attacker that gains service access to the FSP can locate and through a series of service procedures decrypt data contained in the Platform KeyStore
Vulnerability Details
CVEID:CVE-2021-29765
**DESCRIPTION:**IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the FSP.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202476 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PowerVM Hypervisor | FW940 |
| PowerVM Hypervisor | FW950 |
Remediation/Fixes
Customers with the products below should install FW940.30(VL940_071), FW950.10(VL950_072) or above to remediate this concern.
-
IBM Power System S922 (9009-22A, 9009-22G)
-
IBM Power System H922 (9223-22H, 9223-22S)
-
IBM Power System S914 (9009-41A, 9009-41G)
-
IBM Power System S924 (9009-42A, 9009-42G)
-
IBM Power System H924 (9223-42H, 9223-42S)
-
IBM Power System E950 (9040-MR9)
-
IBM Power System E980 (9080-M98, 9080-M9S)
Workarounds and Mitigations
None
Related
EPSS
Percentile
43.8%