On Wednesday, January 3, researchers from Google announced a security vulnerability impacting all microprocessors, including processors in the IBM POWER family.

This vulnerability doesn’t allow an external unauthorized party to gain access to a machine, but it could allow a party that has access to the system to access unauthorized data.

If this vulnerability poses a risk to your environment, the first line of defense is the firewalls and security tools that most organizations already have in place. Complete mitigation of this vulnerability for Power Systems clients involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to this vulnerability and is a pre-requisite for the OS patch to be effective. These will be available as follows:

  • Firmware patches for POWER7+, POWER8 and POWER9 platforms will be available on January 9. We will provide further communication on supported generations prior to POWER7+,  including firmware patches and availability.
  • Linux operating systems patches will start to become available on January 9.  AIX and i operating system patches will start to become available February 12. Information will be available via PSIRT.

Clients should review these patches in the context of their datacenter environment and standard evaluation practices to determine if they should be applied.

2 COMMENTS

  1. HI ,

    thanx for the infoes, honestly i don’t think this vulnerability is a weakness for the Power/IBM and Unix Aix Machines

    we will see the IBM feedback in short future and which the the reality, and if it is possible that one user connected to the machines
    he could read some Data in not authorized way

    All the best , Max

LEAVE A REPLY

Please enter your comment!
Please enter your name here