CVE-2021-38937 — IBM Powervm Hypervisor vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 58.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Powervm Hypervisor

Timeline

PublishedDec 10

Latest updateDec 11

Description

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/powervm_hypervisorFW1010, FW940, FW950+2

▶NVDibm/powervm_hypervisorfw1010, fw940, fw950+2

🔴Vulnerability Details

GHSA

GHSA-q983-m4fh-gqhm: IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervis↗2021-12-11

▶

CVEList

CVE-2021-38937: IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervis↗2021-12-10

▶