84 matches found
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client
A flaw was found in FreeIPMI. Specifically, the ipmi-oem client command, which implements Intelligent Platform Management Interface IPMI OEM commands, contains exploitable buffer overflows. A remote attacker could exploit these vulnerabilities by sending specially crafted response messages to the...
SUSE-SU-2026:22243-1 Security update for freeipmi
This update for freeipmi fixes the following issue - CVE-2026-50031: denial of service via buffer overflow in ipmi-oem client bsc1267605...
ipmi: Add limits to event and receive message requests
...
UBUNTU-CVE-2026-46108
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
EUVD-2026-32887
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...
CVE-2026-46128
The CVE-2026-46128 issue concerns the Linux kernel IPMI event message handling. The root cause is an insufficiently validated event message buffer/data size occurring when fetching events, with some BMCs returning an empty message instead of an error. This leads to a potential failure in processi...
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to promptly check the response data in the IPMI event message buffer. This could lead to...
CVE-2026-46044
In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an...
PT-2026-43911
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the ipmi:ssif component where a kernel thread kthread is not properly stopped if an error occurs after it...
Moderate: Red Hat Security Advisory: freeipmi security update
An update for freeipmi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2026:20579 Moderate: freeipmi security update
The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 For more details about the security issues,...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of the ipmisi.ko and ipmimsghandler.ko modules, the system crashed. The log contains the following...
RLSA-2026:13515 Moderate: freeipmi security update
The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 For more details about the security issues,...
CVE-2026-43221
CVE-2026-43221 affects Linux kernel IPMI/IPMB: the event handler responsible for IPMB read bytes may fail to initialize reads, causing an I2C read to return an uninitialised value from the bus driver. This is described across multiple advisories (Root-OS-UBUNTU-2404, SUSE, Red Hat) as a patchable...
CVE-2026-23322
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...
EUVD-2026-14899
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system...
UBUNTU-CVE-2026-33554
ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘ipmi: fix msg stack when IPMI is disconnected’” This fix reverts to the previous behavior in commit c608966f3f9c2dca596967501d00753282b395fc. This patch contains a minor bug that can cause the IPMI driver to enter an...