freeipmi: buffer overflows on response messages via ipmi-oem

A flaw was found in FreeIPMI. The ipmi-oem program is used to send Intelligent Platform Management Interface IPMI OEM commands for specific hardware vendors to retrieve specific information from the hardware. A malicious server can reply with crafted response messages and cause buffer overflows...

OESA-2026-1737 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

CVE-2026-33554

ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...

FreeIPMI 安全漏洞

FreeIPMI is an open-source server remote management toolset provided by FreeIPMI, which offers features for managing and monitoring IPMI interfaces. Versions of FreeIPMI prior to 1.16.17 contained security vulnerabilities. These vulnerabilities stemmed from buffer overflows in the ipmi-oem client...

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...

OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)

Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...