AIX and VIOS in IBM should be updated now

IBM has released AIX and VIOS iFixes in response to a vulnerability in IBM POWER9 (CVE-2020-4788).

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could under extenuating conditions, allow a local user to access confidential information from the data in the L1 cache. X-Force ID for IBM: 189296.

Friday, November 20, 2020, 09:45 GMT

IBM has released the following fixes for AIX and VIOS in response to CVE-2020-4788.

Details
CVEID: CVE-2020-4788
DESCRIPTION: IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
CVSS Base score: 5.1
CVSS Temporal Score: See: exchange.xforce.ibmcloud.com/vulnerabilities/189296 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Solution:

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:
aix.software.ibm.com/aix/efixes/security/power9_fix.tar
aix.software.ibm.com/aix/efixes/security/power9_fix.tar
aix.software.ibm.com/aix/efixes/security/power9_fix.tar

References: