PT-2024-29562 · IBM · IBM PowerVM Hypervisor

Published 2024-11-22 · Updated 2025-08-15 · CVE-2024-41781

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM PowerVM Hypervisor versions FW950.00 through FW950.90
IBM PowerVM Hypervisor versions FW1030.00 through FW1030.60
IBM PowerVM Hypervisor versions FW1050.00 through FW1050.20
IBM PowerVM Hypervisor versions FW1060.00 through FW1060.10

Description

The issue allows an attacker to compromise the functionality of the IBM PowerVM Platform KeyStore if they gain service access to the HMC. An attacker with service access to the HMC can locate and decrypt data contained in the Platform KeyStore through a series of service procedures.

Recommendations

For versions FW950.00 through FW950.90, restrict access to the HMC to minimize the risk of exploitation.
For versions FW1030.00 through FW1030.60, consider implementing additional security measures to protect the Platform KeyStore.
For versions FW1050.00 through FW1050.20, limit the use of service procedures that can access the Platform KeyStore.
For versions FW1060.00 through FW1060.10, review and secure the HMC service access to prevent unauthorized access to the Platform KeyStore.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2024-41781

Affected Products

IBM PowerVM Hypervisor