Denial of Service Vulnerability in IBM PowerVM Hypervisor
CVE-2021-38937

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 10 December 2021

What is CVE-2021-38937?

IBM PowerVM Hypervisor versions FW940, FW950, and FW1010 are susceptible to a Denial of Service vulnerability that could be exploited by an authenticated user. By sending a specially crafted IBMi Hypervisor call, an attacker can trigger a system crash, leading to potential downtime or interruption of services. This vulnerability could impact the availability and stability of affected systems.

Affected Version(s)

PowerVM Hypervisor FW940

PowerVM Hypervisor FW950

PowerVM Hypervisor FW1010

References

https://www.ibm.com/support/pages/node/6525014

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/210894

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2021
Vulnerability Reserved
Aug 16, 2021