CVE-2018-1992
CVSS score: 6.4
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 5.9
Source: NVD
Description
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
Affected (11)
Products: Ibm: Power System S922 (9009 22a) Firmware, Power System H922 (9223 22h) Firmware, Power System S914 (9009 41a) Firmware, Power System S924 (9009 42a) Firmware, Power System H924 (9223 42h) Firmware, Power System L922 (9008 22l) Firmware, Power System Ac922 (8335 Gtg) Firmware, Power System Ac922 (8335 Gth) Firmware, Power System Ac922 (8335 Gtx) Firmware, Power System Lc921 (9006 12p) Firmware, Power System Lc922 (9006 22p) Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System S922 (9009 22a) | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System H922 (9223 22h) | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System S914 (9009 41a) | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System S924 (9009 42a) | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System H924 (9223 42h) | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fw910.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System L922 (9008 22l) | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before op910.30 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System Ac922 (8335 Gtg) | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Before op920.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System Ac922 (8335 Gth) | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Before op920.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System Ac922 (8335 Gtx) | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before op920.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System Lc921 (9006 12p) | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Before op920.10 |

| Running on/with | Platform Versions |
|---|---|
| Ibm Power System Lc922 (9006 22p) | All versions |
References (4)
Source: psirt@us.ibm.com
VDB Entry, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB Entry, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory