We would like to inform all our customers (and readers) that a bug has been identified in PowerVM that could lead to a security problem in Power9 and Power10 systems. The main risk is that a malicious actor with user privileges in a logical partition can compromise the isolation between logical partitions without being detected. This could result in data loss or unauthorized code execution on other logical partitions (LPARs) on the same physical server. Technical details can be found at https://www.ibm.com/support/pages/node/6993021
Are all Power servers at risk?
No. Only some IBM Power9 or Power10 models are at risk and always depending on their FW versions. Servers prior to Power9 and those running OP9xx firmware are not exposed to this vulnerability. There is no evidence that this vulnerability has been exploited to gain unauthorized access on any IBM client but it is always better to be safe than sorry :)
When and by whom was this vulnerability found?
The vulnerability was identified by IBM internally. A solution has already been created and thoroughly tested and was launched on May 17 at Fix Central.
What is recommended to customers?
Customers should follow the instructions in Fix Central to download and install the updated firmware.
What would be the impact for productive environments?
The main concern is the possibility of data leakage or unauthorized code running on other logical partitions of the same physical server. We have found no evidence that this vulnerability has been exploited to gain unauthorized access.
Are certain environments more vulnerable than others?
IBM cannot specify which client environments might be most at risk since access to partitions is controlled by the client. However, any environment in which privileged user access has been granted to one or more partitions should be considered potentially vulnerable. In other words, environments with a high density of LPARs, where production and test systems are mixed, are more likely to suffer from this vulnerability.
Can the patch be applied without shutting down the equipment?
The firmware containing the fix can be installed concurrently and will fix this vulnerability on all systems with the exception of a Power10 system running firmware prior to FW1010.10. In this case, the solution must be applied in a disruptive manner, requiring the server to be shut down to install the update and eliminate the vulnerability.
What types of partitions may be affected?
Any IBM Power9 or Power10 server mentioned in the security bulletin that has multiple partitions could be affected. It does not matter how these partitions were created or managed.
Is IBM’s Power Virtual Server (Power VS) environment at risk?
The vulnerability also affected the Power Systems Virtual Server offering on IBM Cloud (Power VS), but the patch has already been applied to remediate it.