Isolation Violation in IBM PowerVM Hypervisor
CVE-2021-38918

8.6HIGH

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 5 January 2022

Summary

The vulnerability allows for a specific sequence of VM management operations within IBM PowerVM Hypervisor to compromise the isolation between virtual machines (VMs). This issue can potentially enable unauthorized access or interference between peer VMs, raising significant security concerns in multi-tenant environments.

Affected Version(s)

PowerVM Hypervisor FW940

PowerVM Hypervisor FW950

PowerVM Hypervisor FW860

References

https://www.ibm.com/support/pages/node/6525032

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/210019

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2022
Vulnerability Reserved
Aug 16, 2021