CVE-2021-38917 — CRITICAL (9.1)

Vulnerability Description

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Powervm Hypervisor	fw860

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/210018VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6525010Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/210018VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6525010Vendor Advisory

FAQ

What is CVE-2021-38917?

CVE-2021-38917 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted servic...

How severe is CVE-2021-38917?

CVE-2021-38917 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-38917?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Powervm Hypervisor.