Data Loss Vulnerability in IBM PowerVM Hypervisor Components
CVE-2025-0986

4.5MEDIUM

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 28 March 2025

Summary

A vulnerability exists in certain versions of IBM PowerVM Hypervisor that may allow a local user, particularly in specific Linux processor compatibility mode configurations, to potentially cause undetected data loss or errors during gzip compression operations utilizing hardware acceleration. This issue emphasizes the need for users to assess their system configurations and apply mitigations to safeguard data integrity during compression tasks.

Affected Version(s)

PowerVM Hypervisor FW1050.00

PowerVM Hypervisor FW1060.00

References

https://www.ibm.com/support/pages/node/7229349

vendor-advisory

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Feb 3, 2025