CVE-2022-29494

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:c621a:-:::::::*
	cpe:2.3:h:intel:c627a:-:::::::*
	cpe:2.3:h:intel:c629a:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5315y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5317:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318s:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6312u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6314u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6326:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328hl:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6334:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6336y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6342:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6346:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6354:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8351n:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352m:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352s:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352v:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352y:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8353h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8354h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8356h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358p:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360y:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8362:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368q:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380hl:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4309y:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310t:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4314:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4316:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:c741:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:59

Type	Values Removed	Values Added
References	~~() http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html - Vendor Advisory~~	() http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html - Vendor Advisory

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~NVD-CWE-noinfo~~	CWE-20

13 Mar 2023, 16:31

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:h:intel:xeon_platinum_8368:-:::::::* cpe:2.3:h:intel:xeon_silver_4309y:-:::::::* cpe:2.3:h:intel:xeon_silver_4316:-:::::::* cpe:2.3:h:intel:xeon_platinum_8380:-:::::::* cpe:2.3:h:intel:xeon_silver_4310t:-:::::::* cpe:2.3:h:intel:xeon_platinum_8362:-:::::::* cpe:2.3:h:intel:xeon_gold_6338t:-:::::::* cpe:2.3:h:intel:xeon_gold_6348h:-:::::::* cpe:2.3:h:intel:xeon_gold_6312u:-:::::::* cpe:2.3:h:intel:xeon_platinum_8352v:-:::::::* cpe:2.3:h:intel:xeon_gold_6326:-:::::::* cpe:2.3:h:intel:xeon_gold_6330n:-:::::::* cpe:2.3:o:intel:openbmc:::::::: cpe:2.3:h:intel:xeon_gold_6346:-:::::::* cpe:2.3:h:intel:xeon_platinum_8351n:-:::::::* cpe:2.3:h:intel:c627a:-:::::::* cpe:2.3:h:intel:c741:-:::::::* cpe:2.3:h:intel:c629a:-:::::::* cpe:2.3:h:intel:xeon_gold_6338:-:::::::* cpe:2.3:h:intel:xeon_platinum_8356h:-:::::::* cpe:2.3:h:intel:xeon_gold_5318n:-:::::::* cpe:2.3:h:intel:xeon_gold_6328h:-:::::::* cpe:2.3:h:intel:xeon_silver_4314:-:::::::* cpe:2.3:h:intel:xeon_platinum_8352m:-:::::::* cpe:2.3:h:intel:xeon_platinum_8358:-:::::::* cpe:2.3:h:intel:xeon_gold_6338n:-:::::::* cpe:2.3:h:intel:xeon_gold_5320:-:::::::* cpe:2.3:h:intel:xeon_gold_6314u:-:::::::* cpe:2.3:h:intel:xeon_gold_5318y:-:::::::* cpe:2.3:h:intel:xeon_gold_6354:-:::::::* cpe:2.3:h:intel:xeon_platinum_8368q:-:::::::* cpe:2.3:h:intel:xeon_platinum_8376h:-:::::::* cpe:2.3:h:intel:xeon_platinum_8353h:-:::::::* cpe:2.3:h:intel:xeon_silver_4310:-:::::::* cpe:2.3:h:intel:xeon_platinum_8360y:-:::::::* cpe:2.3:h:intel:xeon_platinum_8380h:-:::::::* cpe:2.3:h:intel:xeon_platinum_8360h:-:::::::* cpe:2.3:h:intel:xeon_gold_6330:-:::::::* cpe:2.3:h:intel:xeon_platinum_8360hl:-:::::::* cpe:2.3:h:intel:c621a:-:::::::* cpe:2.3:h:intel:xeon_gold_6342:-:::::::* cpe:2.3:h:intel:xeon_platinum_8376hl:-:::::::* cpe:2.3:h:intel:xeon_gold_5315y:-:::::::* cpe:2.3:h:intel:xeon_gold_5320t:-:::::::* cpe:2.3:h:intel:xeon_gold_6330h:-:::::::* cpe:2.3:h:intel:xeon_gold_5317:-:::::::* cpe:2.3:h:intel:xeon_gold_6334:-:::::::* cpe:2.3:h:intel:xeon_gold_6348:-:::::::* cpe:2.3:h:intel:xeon_platinum_8358p:-:::::::* cpe:2.3:h:intel:xeon_platinum_8352y:-:::::::* cpe:2.3:h:intel:xeon_gold_5320h:-:::::::* cpe:2.3:h:intel:xeon_gold_6336y:-:::::::* cpe:2.3:h:intel:xeon_gold_5318s:-:::::::* cpe:2.3:h:intel:xeon_platinum_8354h:-:::::::* cpe:2.3:h:intel:xeon_platinum_8380hl:-:::::::* cpe:2.3:h:intel:xeon_gold_5318h:-:::::::* cpe:2.3:h:intel:xeon_platinum_8352s:-:::::::* cpe:2.3:h:intel:xeon_gold_6328hl:-:::::::*
References	~~(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html -~~	(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html - Vendor Advisory

17 Feb 2023, 12:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-16 21:15

Updated : 2024-11-21 06:59

NVD link : CVE-2022-29494

Mitre link : CVE-2022-29494

CVE.ORG link : CVE-2022-29494

JSON object : View

Products Affected

intel

xeon_platinum_8376hl
xeon_gold_5318h
xeon_platinum_8362
xeon_gold_6328hl
xeon_platinum_8351n
xeon_platinum_8352y
xeon_silver_4310
xeon_silver_4310t
xeon_platinum_8353h
xeon_gold_5318n
xeon_gold_5317
xeon_platinum_8352s
xeon_gold_6348h
xeon_platinum_8360h
xeon_platinum_8352m
c627a
xeon_gold_6342
xeon_platinum_8352v
xeon_silver_4316
xeon_gold_6330h
xeon_platinum_8368
openbmc
xeon_gold_5318y
xeon_gold_6338n
xeon_gold_5318s
xeon_platinum_8368q
xeon_gold_6338
xeon_platinum_8376h
xeon_gold_5320h
xeon_platinum_8358
xeon_gold_6338t
xeon_gold_6348
xeon_gold_6312u
xeon_platinum_8380
xeon_platinum_8380hl
xeon_silver_4314
xeon_gold_5320t
xeon_gold_6330n
xeon_gold_6346
c741
xeon_platinum_8380h
xeon_platinum_8360y
xeon_gold_6326
c629a
xeon_gold_6328h
xeon_gold_6354
xeon_gold_6330
xeon_platinum_8354h
xeon_platinum_8358p
xeon_silver_4309y
xeon_gold_5315y
xeon_gold_6334
xeon_gold_5320
xeon_gold_6314u
xeon_gold_6336y
c621a
xeon_platinum_8360hl
xeon_platinum_8356h

CWE

CWE-20

Improper Input Validation

6.5 /10