Primary

Context

IBM PowerVM Hypervisor Virtual TPM Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM PowerVM Hypervisor versions FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0. This vulnerability could allow a local user with administrative privileges to access sensitive information from a Virtual Trusted Platform Module (TPM) by using a series of PowerVM service procedures.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored in a Virtual TPM.

Remediation

Users should upgrade to FW1110.10(1110_100) or newer for Power 11 systems, FW1060.52(1060_153)/FW1060.60(1060_158) or newer for Power 10 systems, and FW950.F1(950_194)/950.G0(950_203) or newer for Power 9 systems.

Added: Feb 2, 2026, 11:57 PM

Updated: Feb 2, 2026, 11:57 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.8

exploitability

2.6

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.8

exploitability

2.6

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM PowerVM Hypervisor Virtual TPM Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM PowerVM Hypervisor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating