Main Vulnerability Database SB2024030110

SB2024030110 - Insufficient entropy in IBM PowerVM Hypervisor

Published: March 1, 2024

Security Bulletin ID SB2024030110

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient Entropy (CVE-ID: CVE-2021-3505)

The vulnerability allows a local user to decrypt data.

The vulnerability exists in the TPM 2 implementation, which returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7127519