CVE-2022-35729 : Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before ver

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

Published 2023-02-16 21:15:13

Updated 2023-03-06 17:47:34

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-35729

Openbmc-project » Openbmc
Versions before (<) 0.72
cpe:2.3:a:openbmc-project:openbmc:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » C621a » Version: N/A
When used together with: Intel » C624a » Version: N/A
When used together with: Intel » C627a » Version: N/A
When used together with: Intel » C629a » Version: N/A
When used together with: Intel » Xeon Gold 5315y » Version: N/A
When used together with: Intel » Xeon Gold 5317 » Version: N/A
When used together with: Intel » Xeon Gold 5318h » Version: N/A
When used together with: Intel » Xeon Gold 5318n » Version: N/A
When used together with: Intel » Xeon Gold 5318s » Version: N/A
When used together with: Intel » Xeon Gold 5318y » Version: N/A
When used together with: Intel » Xeon Gold 5320 » Version: N/A
When used together with: Intel » Xeon Gold 5320h » Version: N/A
When used together with: Intel » Xeon Gold 5320t » Version: N/A
When used together with: Intel » Xeon Gold 6312u » Version: N/A
When used together with: Intel » Xeon Gold 6314u » Version: N/A
When used together with: Intel » Xeon Gold 6326 » Version: N/A
When used together with: Intel » Xeon Gold 6328h » Version: N/A
When used together with: Intel » Xeon Gold 6328hl » Version: N/A
When used together with: Intel » Xeon Gold 6330 » Version: N/A
When used together with: Intel » Xeon Gold 6330h » Version: N/A
When used together with: Intel » Xeon Gold 6330n » Version: N/A
When used together with: Intel » Xeon Gold 6334 » Version: N/A
When used together with: Intel » Xeon Gold 6336y » Version: N/A
When used together with: Intel » Xeon Gold 6338 » Version: N/A
When used together with: Intel » Xeon Gold 6338n » Version: N/A
When used together with: Intel » Xeon Gold 6338t » Version: N/A
When used together with: Intel » Xeon Gold 6342 » Version: N/A
When used together with: Intel » Xeon Gold 6346 » Version: N/A
When used together with: Intel » Xeon Gold 6348 » Version: N/A
When used together with: Intel » Xeon Gold 6348h » Version: N/A
When used together with: Intel » Xeon Gold 6354 » Version: N/A
When used together with: Intel » Xeon Platinum 8351n » Version: N/A
When used together with: Intel » Xeon Platinum 8352m » Version: N/A
When used together with: Intel » Xeon Platinum 8352s » Version: N/A
When used together with: Intel » Xeon Platinum 8352v » Version: N/A
When used together with: Intel » Xeon Platinum 8352y » Version: N/A
When used together with: Intel » Xeon Platinum 8353h » Version: N/A
When used together with: Intel » Xeon Platinum 8354h » Version: N/A
When used together with: Intel » Xeon Platinum 8356h » Version: N/A
When used together with: Intel » Xeon Platinum 8358 » Version: N/A
When used together with: Intel » Xeon Platinum 8358p » Version: N/A
When used together with: Intel » Xeon Platinum 8360h » Version: N/A
When used together with: Intel » Xeon Platinum 8360hl » Version: N/A
When used together with: Intel » Xeon Platinum 8360y » Version: N/A
When used together with: Intel » Xeon Platinum 8362 » Version: N/A
When used together with: Intel » Xeon Platinum 8368 » Version: N/A
When used together with: Intel » Xeon Platinum 8368q » Version: N/A
When used together with: Intel » Xeon Platinum 8376h » Version: N/A
When used together with: Intel » Xeon Platinum 8376hl » Version: N/A
When used together with: Intel » Xeon Platinum 8380 » Version: N/A
When used together with: Intel » Xeon Platinum 8380h » Version: N/A
When used together with: Intel » Xeon Platinum 8380hl » Version: N/A
When used together with: Intel » Xeon Silver 4309y » Version: N/A
When used together with: Intel » Xeon Silver 4310 » Version: N/A
When used together with: Intel » Xeon Silver 4310t » Version: N/A
When used together with: Intel » Xeon Silver 4314 » Version: N/A
When used together with: Intel » Xeon Silver 4316 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-35729

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-35729

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Intel Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-35729

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-35729

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

INTEL-SA-00737
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-35729

Products affected by CVE-2022-35729

Exploit prediction scoring system (EPSS) score for CVE-2022-35729

CVSS scores for CVE-2022-35729

CWE ids for CVE-2022-35729

References for CVE-2022-35729