CVE-2018-1992 Information

Description

The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability: if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/154345
https://www.ibm.com/support/docview.wss?uid=ibm10868992

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.4

Base Severity

HIGH
