CVE-2021-29795 — Injection in IBM Powervm Hypervisor

CWE-74 — Injection3 documents3 sources

Severity

6.0MEDIUMNVD

EPSS

0.0%

top 88.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Powervm Hypervisor

Timeline

PublishedSep 21

Latest updateMay 24

Description

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5ibm/powervm_hypervisor4 versions+3

▶NVDibm/powervm_hypervisor4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-jc84-3h2h-pgxj: IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a parti↗2022-05-24

▶

CVEList

CVE-2021-29795: IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a parti↗2021-09-21

▶