CVE-2026-33554

EUVD-2026-14899
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: "ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers," "ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers," and "ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers."

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 18%
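
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| freeipmi | bookworm | | no-dsa |
| freeipmi | bullseye | | postponed |
| freeipmi | forky | 1.6.17-1 | fixed |
| freeipmi | sid | 1.6.17-1 | fixed |
| freeipmi | trixie | | no-dsa |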

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| freeipmi | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| freeipmi | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| freeipmi-devel | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-devel | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| freeipmi-ipmiseld | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| libfreeipmi17 | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libfreeipmi17 | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| libipmiconsole2 | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmiconsole2 | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| libipmidetect0 | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmidetect0 | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise desktop 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise sap 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise sap 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise sap 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise sap 15 SP7 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise server 12 SP5 | 1.5.7-3.6.1 | fixed |
| libipmimonitoring6 | suse enterprise server 15 SP4 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise server 15 SP5 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise server 15 SP6 | 1.6.8-150400.3.3.1 | fixed |
| libipmimonitoring6 | suse enterprise server 15 SP7 | 1.6.8-150400.3.3.1 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| freeipmi | RHEL 9 | 0:1.6.17-1.el9_7 | fixed |
| freeipmi-bmc-watchdog | RHEL 9 | 0:1.6.17-1.el9_7 | fixed |
| freeipmi-devel | RHEL 9 | 0:1.6.17-1.el9_7 | fixed |
| freeipmi-ipmidetectd | RHEL 9 | 0:1.6.17-1.el9_7 | fixed |
| freeipmi-ipmiseld | RHEL 9 | 0:1.6.17-1.el9_7 | fixed |