FKIE_CVE-2025-36035

Vulnerability from fkie_nvd - Published: 2025-09-14 13:15 - Updated: 2025-12-19 13:29
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Summary
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
References
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7244813Vendor Advisory
Impacted products
Vendor Product Version
ibm powervm_hypervisor *
ibm power_system_e950_\(9040-mr9\) -
ibm power_system_e980_\(9080-m9s\) -
ibm power_system_h922_\(9223-22h\) -
ibm power_system_h922_\(9223-22s\) -
ibm power_system_h924_\(\(9223-42s\) -
ibm power_system_h924_\(9223-42h\) -
ibm power_system_l922_\(9008-22l\) -
ibm power_system_s914_\(9009-41a\) -
ibm power_system_s914_\(9009-41g\) -
ibm power_system_s922_\(9009-22a\) -
ibm power_system_s922_\(9009-22g\) -
ibm power_system_s924_\(9009-42a\) -
ibm power_system_s924_\(9009-42g\) -
ibm powervm_hypervisor *
ibm powervm_hypervisor *
ibm power_system_e1080_\(9080-hex\) -
ibm powervm_hypervisor *
ibm powervm_hypervisor *
ibm power_system_e1050_\(9043-mrx\) -
ibm power_system_l1022_\(9786-22h\) -
ibm power_system_l1024_\(9786-42h\) -
ibm power_system_s1012_\(9028-21b\) -
ibm power_system_s1014_\(9105-41b\) -
ibm power_system_s1022_\(9105-22a\) -
ibm power_system_s1022s_\(9105-22b\) -
ibm power_system_s1024_\(9105-42a\) -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C075224C-3299-4E1F-BC3B-11EB6BDCF705",
              "versionEndIncluding": "FW950.E0",
              "versionStartIncluding": "FW950.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_e950_\\(9040-mr9\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF58E5C-0A54-4F2F-A426-0BFD1EACE991",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_e980_\\(9080-m9s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE56BD8-DB0F-4151-9428-42F1B6452D99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h922_\\(9223-22h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "633D5D2E-300A-4896-8F90-57F9B7AFE01E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h922_\\(9223-22s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7851003-8D6B-4FE8-87D7-BE968E85E448",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h924_\\(\\(9223-42s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1F77E3F-524F-491E-AE7B-FAEE4DC251F6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h924_\\(9223-42h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CC25C2-BE64-4022-A229-D639CED27B00",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_l922_\\(9008-22l\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61493605-7807-498B-9DD7-48B244AD0415",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s914_\\(9009-41a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9CA070-A7E4-451A-9C3C-D2622E7A9A92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s914_\\(9009-41g\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "003F591A-ACCD-497E-BF8A-DE090321D778",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s922_\\(9009-22a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB350B1-3964-485A-AAB3-55558DD375BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s922_\\(9009-22g\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E5E77F-A5BB-46E7-B6B6-B02F242DE829",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s924_\\(9009-42a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A41386-AAE5-409C-9355-2EEB07F01926",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s924_\\(9009-42g\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4038C5DB-DF9C-4661-9590-F6A0CD4D15D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2026A2-926D-402B-8181-8AC2E90F4AC2",
              "versionEndIncluding": "FW1050.50",
              "versionStartIncluding": "FW1050.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B633D94D-3566-44D8-BA35-62F7942E8DB5",
              "versionEndIncluding": "FW1060.40",
              "versionStartIncluding": "FW1060.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_e1080_\\(9080-hex\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF85251B-E02C-4293-98F0-D331BF51CAC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2026A2-926D-402B-8181-8AC2E90F4AC2",
              "versionEndIncluding": "FW1050.50",
              "versionStartIncluding": "FW1050.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B633D94D-3566-44D8-BA35-62F7942E8DB5",
              "versionEndIncluding": "FW1060.40",
              "versionStartIncluding": "FW1060.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_e1050_\\(9043-mrx\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "061D193E-84BC-4DE7-96C4-B75D11769ED5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_l1022_\\(9786-22h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C09090-C18F-464A-8DEF-E23B5990E2A4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_l1024_\\(9786-42h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0170400B-89A7-4B44-9AA7-9A168C9CAE9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s1012_\\(9028-21b\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BED85F2-8CCB-417C-A739-23828966A036",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s1014_\\(9105-41b\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD54B80-5754-4C19-AE0C-F539DEF96DCB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s1022_\\(9105-22a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3E15C41-9CBD-4F66-A176-07B3E9BBD81D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s1022s_\\(9105-22b\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "564A665A-7B94-40CE-A4D9-CDD0CCF52B2E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s1024_\\(9105-42a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49EE658-B8AE-48F7-A765-92BA3A630AA0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."
    }
  ],
  "id": "CVE-2025-36035",
  "lastModified": "2025-12-19T13:29:49.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-09-14T13:15:32.450",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7244813"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.