CVE-2023-30438
CRITICALIBM PowerVM Hypervisor fw950-fw950.71 - Authenticated Logical Partition Isolation Bypass
Title source: llmDescription
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6993021
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/252706
Scores
CVSS v3
9.3
EPSS
0.0015
EPSS Percentile
35.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (1)
ibm/powervm_hypervisor
fw950 - fw950.71
Published
May 17, 2023
Tracked Since
Feb 18, 2026