CVE-2023-30438 CRITICAL

CVE-2023-30438: IBM PowerVM gain access

Vendor IBM
Product PowerVM Hypervisor
Published May 17, 2023
Last update January 22, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions, which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.

Key dates

02 Disclosure timeline

May 17, 2023 CVE published
January 22, 2025 Record updated