PT-2023-22694 · IBM · IBM PowerVM Hypervisor

Published 2023-05-23 · Updated 2023-05-30 · CVE-2023-30440

CVSS v3.1: 7.9 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

IBM PowerVM Hypervisor versions FW860.00 through FW860.B3
IBM PowerVM Hypervisor versions FW950.00 through FW950.70
IBM PowerVM Hypervisor versions FW1010.00 through FW1010.50
IBM PowerVM Hypervisor versions FW1020.00 through FW1020.30
IBM PowerVM Hypervisor versions FW1030.00 through FW1030.10

Description

The issue allows a local attacker who controls a partition that has been assigned an SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption.

Recommendations

For IBM PowerVM Hypervisor versions FW860.00 through FW860.B3, update to a version outside of this range to resolve the issue.
For IBM PowerVM Hypervisor versions FW950.00 through FW950.70, update to a version outside of this range to resolve the issue.
For IBM PowerVM Hypervisor versions FW1010.00 through FW1010.50, update to a version outside of this range to resolve the issue.
For IBM PowerVM Hypervisor versions FW1020.00 through FW1020.30, update to a version outside of this range to resolve the issue.
For IBM PowerVM Hypervisor versions FW1030.00 through FW1030.10, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting access to SRIOV virtual functions to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-30440

Affected Products

IBM PowerVM Hypervisor