Firmware Compromise in IBM POWER9 due to Service Access
CVE-2022-22445

7.6HIGH

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 15 July 2022

What is CVE-2022-22445?

An attacker with service access to the IBM POWER9 system or administrative authority over a partition can exploit the vulnerability to bypass security measures, potentially compromising the firmware. This could allow unauthorized manipulation of critical system functions, posing significant risks to data integrity and operational reliability.

Affected Version(s)

PowerVM Hypervisor FW1010

PowerVM Hypervisor FW950

References

https://www.ibm.com/support/pages/node/6604071

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/224546

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2022
Vulnerability Reserved
Jan 3, 2022