PT-2021-14004 · IBM · IBM PowerVM Hypervisor
Published: 2021-07-29 · Updated: 2021-08-09 · CVE-2021-20505
CVSS v3.1: 4.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
PowerVM Hypervisor versions FW920 through FW950
Description:
The encryption key exchange protocol used by the PowerVM Logical Partition Mobility (LPM) can be compromised. An attacker who can capture encrypted LPM network traffic and gain service access to the FSP can use this information to perform a series of PowerVM service procedures, allowing them to decrypt the captured migration traffic.
Recommendations:
For PowerVM Hypervisor versions FW920 through FW950, update to a version that includes a fix for the compromised encryption key exchange protocol to prevent decryption of captured migration traffic.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products:
IBM PowerVM Hypervisor