CVE-2023-30440

CWE-20Improper Input Validation3 documents3 sources
Severity
7.9HIGH
EPSS
0.0%
top 93.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Powervm Hypervisor
Timeline
PublishedMay 23

Description

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:HExploitability: 1.4 | Impact: 4.7

Affected Packages2 packages

CVEListV5ibm/powervm_hypervisorFW860.00FW860.B3+4
NVDibm/powervm_hypervisorfw860fw860.b3+4

🔴Vulnerability Details

2
GHSA
GHSA-g7gv-6gqh-4hfg: IBM PowerVM Hypervisor FW8602023-05-23
CVEList
IBM PowerVM Hypervisor denial of service2023-05-23
CVE-2023-30440 (HIGH CVSS 7.9) | IBM PowerVM Hypervisor FW860.00 thr | cvebase.io