cvelistv5 - cve-2022-35729

cve-2022-35729

Vulnerability from cvelistv5

Published

2023-02-16 20:00

Modified

2024-08-03 09:44

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

References

▼	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

OpenBMC

Version: before version 0.72

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:21.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html",
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenBMC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 0.72"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-16T20:00:21.007Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html",
          "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-35729",
    "datePublished": "2023-02-16T20:00:21.007Z",
    "dateReserved": "2022-07-22T03:00:26.828Z",
    "dateUpdated": "2024-08-03T09:44:21.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbmc-project:openbmc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.72\", \"matchCriteriaId\": \"1BE0DDEB-4CDB-4958-A96A-636C00C122D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:c621a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2364774-DA5C-48BF-AEDB-E97BFED643F6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:c624a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A12BCD5-2400-4846-862C-C966F146A828\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:c627a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BBE62C7-76BD-4684-8CDE-68DBFF4E5280\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:c629a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8B0316B-1968-4502-955D-78E9BDC2E30C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6839AE9B-9A8A-4312-80FC-0549C675A815\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E0E7358-1EC1-43DA-99B3-A2D6D57E0121\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43808CCF-1EF0-41CE-983D-DD6BB775895E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2C5D3DE-5506-4F16-B7F9-5032A1277D23\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED598260-2A9B-46F7-AA85-0DA97DA0D42D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F1CFD2-8F32-4CE8-9D9B-C65B332775B8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DD98889-58A1-4A5A-B79A-B2DA9EDA63DA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BF1F73B-4736-40BC-9053-951B5BF1059E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDA47606-176C-4F6B-A316-4C536B63FA4E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF7D9572-8D03-4D54-B0E1-C0A3F3F90FCF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE3CA224-B5DE-4451-9CF9-929ABEA242EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3D8E340-AE91-4F29-9F22-E0CE6718FC13\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"710DBCD5-788D-4140-AC16-EC6E126CFA66\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A767EC83-AAED-4FEA-A35E-A503369FE4FB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB1ACDED-85B4-4A11-BD03-8E1B9563B7F0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6C4A47D-7F66-4ACC-9C69-0A355D46CDC1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20821868-F7D2-4132-8D63-98E1089DB46C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB9295A-8832-4670-B268-FBD0BC086447\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"489BD4AC-50C6-422B-A2B2-00A70E611114\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5694238-F4E5-4689-ADD2-67C25762ED92\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A57D44C0-AA8D-46B0-8923-ADB312E3937F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A551BBB-76CD-4C26-913F-B02C66E5D846\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4A44F2-68BF-4709-946B-C976DA3A9C7E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"038AC553-5523-4687-843D-6FEA7264EDEA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DE5D09C-3272-4810-9F41-97BDBBFE4160\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59C5122F-D822-4E71-A417-88EB51F1786B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14C3438-B876-45B9-85F5-61354207AF8A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7C504C3-7EEE-4A0F-8589-19C1E806E690\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5230F6AF-88CB-4EE2-B292-8B9A7217D10F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B45C39D-03E8-46C1-88DD-94E382F4A961\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF2DC691-025A-441E-AAC2-C8583F54733D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8FB7EE6-6808-4879-A0A3-E85FE5CB37CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBE07EA7-4CDF-4038-A948-6AC126C7F6AD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A2241C-37AE-41AE-A8D1-D9AB18CCE16D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB6DEAA1-3209-4B49-B931-43E8C1C5BE14\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCE086F8-5C8B-4F0C-B53A-76BD4E67B678\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00B21B5C-0FDE-4A8E-A9FC-5CF822A74B20\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB15368B-21A1-429E-8B9C-A095C4E8BA67\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA925F96-6DDD-4F71-BF13-710C8A89D860\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E41414A-6B0B-4511-A9A1-7FF99DD25DB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91EB66B4-8F1B-4F35-9371-17FB761997CB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBDFD1AF-2716-4C95-ADFF-79EFA915C286\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5390A12B-80BD-4889-BF0F-95E65D10D037\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1D6444A-B9CF-4D70-A8A9-E6B57B6F13DE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05637A96-AF09-4FF5-A918-AB369AA2D1CC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33FA0279-D587-471E-8EC0-211F78DA4DFD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1CC27DB-11D4-412A-BC69-CF32A0CABCF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8FE9694-F0E7-4B45-82A1-065DA96B9794\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB267830-FA6E-4C2E-8BBE-C3DA12A6A33D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D557D68C-8279-4BFD-9EA6-17A83754B8FF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ECA0BC9-1CA4-4B95-B98F-9098B2550309\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1298CF87-124D-450B-928D-F39CCA2BAF42\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF12820F-A2BE-44BF-A85D-7F4623898DAB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.\"}]",
      "id": "CVE-2022-35729",
      "lastModified": "2024-11-21T07:11:33.860",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-02-16T21:15:13.023",
      "references": "[{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-35729\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2023-02-16T21:15:13.023\",\"lastModified\":\"2024-11-21T07:11:33.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbmc-project:openbmc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.72\",\"matchCriteriaId\":\"1BE0DDEB-4CDB-4958-A96A-636C00C122D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:c621a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2364774-DA5C-48BF-AEDB-E97BFED643F6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:c624a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A12BCD5-2400-4846-862C-C966F146A828\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:c627a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBE62C7-76BD-4684-8CDE-68DBFF4E5280\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:c629a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8B0316B-1968-4502-955D-78E9BDC2E30C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6839AE9B-9A8A-4312-80FC-0549C675A815\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E0E7358-1EC1-43DA-99B3-A2D6D57E0121\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43808CCF-1EF0-41CE-983D-DD6BB775895E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2C5D3DE-5506-4F16-B7F9-5032A1277D23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED598260-2A9B-46F7-AA85-0DA97DA0D42D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F1CFD2-8F32-4CE8-9D9B-C65B332775B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DD98889-58A1-4A5A-B79A-B2DA9EDA63DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BF1F73B-4736-40BC-9053-951B5BF1059E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA47606-176C-4F6B-A316-4C536B63FA4E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF7D9572-8D03-4D54-B0E1-C0A3F3F90FCF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3CA224-B5DE-4451-9CF9-929ABEA242EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3D8E340-AE91-4F29-9F22-E0CE6718FC13\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"710DBCD5-788D-4140-AC16-EC6E126CFA66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A767EC83-AAED-4FEA-A35E-A503369FE4FB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB1ACDED-85B4-4A11-BD03-8E1B9563B7F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C4A47D-7F66-4ACC-9C69-0A355D46CDC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20821868-F7D2-4132-8D63-98E1089DB46C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB9295A-8832-4670-B268-FBD0BC086447\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"489BD4AC-50C6-422B-A2B2-00A70E611114\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5694238-F4E5-4689-ADD2-67C25762ED92\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A57D44C0-AA8D-46B0-8923-ADB312E3937F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A551BBB-76CD-4C26-913F-B02C66E5D846\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4A44F2-68BF-4709-946B-C976DA3A9C7E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"038AC553-5523-4687-843D-6FEA7264EDEA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DE5D09C-3272-4810-9F41-97BDBBFE4160\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59C5122F-D822-4E71-A417-88EB51F1786B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14C3438-B876-45B9-85F5-61354207AF8A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7C504C3-7EEE-4A0F-8589-19C1E806E690\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5230F6AF-88CB-4EE2-B292-8B9A7217D10F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B45C39D-03E8-46C1-88DD-94E382F4A961\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2DC691-025A-441E-AAC2-C8583F54733D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8FB7EE6-6808-4879-A0A3-E85FE5CB37CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE07EA7-4CDF-4038-A948-6AC126C7F6AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A2241C-37AE-41AE-A8D1-D9AB18CCE16D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6DEAA1-3209-4B49-B931-43E8C1C5BE14\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE086F8-5C8B-4F0C-B53A-76BD4E67B678\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00B21B5C-0FDE-4A8E-A9FC-5CF822A74B20\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB15368B-21A1-429E-8B9C-A095C4E8BA67\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA925F96-6DDD-4F71-BF13-710C8A89D860\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E41414A-6B0B-4511-A9A1-7FF99DD25DB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91EB66B4-8F1B-4F35-9371-17FB761997CB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDFD1AF-2716-4C95-ADFF-79EFA915C286\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5390A12B-80BD-4889-BF0F-95E65D10D037\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1D6444A-B9CF-4D70-A8A9-E6B57B6F13DE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05637A96-AF09-4FF5-A918-AB369AA2D1CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33FA0279-D587-471E-8EC0-211F78DA4DFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1CC27DB-11D4-412A-BC69-CF32A0CABCF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8FE9694-F0E7-4B45-82A1-065DA96B9794\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB267830-FA6E-4C2E-8BBE-C3DA12A6A33D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D557D68C-8279-4BFD-9EA6-17A83754B8FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ECA0BC9-1CA4-4B95-B98F-9098B2550309\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1298CF87-124D-450B-928D-F39CCA2BAF42\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF12820F-A2BE-44BF-A85D-7F4623898DAB\"}]}]}],\"references\":[{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2022-35729

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

Aliases

CVE-2022-35729

Aliases

CVE-2022-35729

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-35729",
    "id": "GSD-2022-35729"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-35729"
      ],
      "details": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.",
      "id": "GSD-2022-35729",
      "modified": "2023-12-13T01:19:33.248217Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-35729",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenBMC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version 0.72"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html",
            "refsource": "MISC",
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:openbmc-project:openbmc:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.72",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:c621a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:c624a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:c627a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:c629a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-35729"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-03-06T17:47Z",
      "publishedDate": "2023-02-16T21:15Z"
    }
  }
}

cve-2022-35729

Vulnerability from fkie_nvd

Published

2023-02-16 21:15

Modified

2024-11-21 07:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

References

▼	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory

Impacted products

Vendor	Product	Version
openbmc-project	openbmc	*
intel	c621a	-
intel	c624a	-
intel	c627a	-
intel	c629a	-
intel	xeon_gold_5315y	-
intel	xeon_gold_5317	-
intel	xeon_gold_5318h	-
intel	xeon_gold_5318n	-
intel	xeon_gold_5318s	-
intel	xeon_gold_5318y	-
intel	xeon_gold_5320	-
intel	xeon_gold_5320h	-
intel	xeon_gold_5320t	-
intel	xeon_gold_6312u	-
intel	xeon_gold_6314u	-
intel	xeon_gold_6326	-
intel	xeon_gold_6328h	-
intel	xeon_gold_6328hl	-
intel	xeon_gold_6330	-
intel	xeon_gold_6330h	-
intel	xeon_gold_6330n	-
intel	xeon_gold_6334	-
intel	xeon_gold_6336y	-
intel	xeon_gold_6338	-
intel	xeon_gold_6338n	-
intel	xeon_gold_6338t	-
intel	xeon_gold_6342	-
intel	xeon_gold_6346	-
intel	xeon_gold_6348	-
intel	xeon_gold_6348h	-
intel	xeon_gold_6354	-
intel	xeon_platinum_8351n	-
intel	xeon_platinum_8352m	-
intel	xeon_platinum_8352s	-
intel	xeon_platinum_8352v	-
intel	xeon_platinum_8352y	-
intel	xeon_platinum_8353h	-
intel	xeon_platinum_8354h	-
intel	xeon_platinum_8356h	-
intel	xeon_platinum_8358	-
intel	xeon_platinum_8358p	-
intel	xeon_platinum_8360h	-
intel	xeon_platinum_8360hl	-
intel	xeon_platinum_8360y	-
intel	xeon_platinum_8362	-
intel	xeon_platinum_8368	-
intel	xeon_platinum_8368q	-
intel	xeon_platinum_8376h	-
intel	xeon_platinum_8376hl	-
intel	xeon_platinum_8380	-
intel	xeon_platinum_8380h	-
intel	xeon_platinum_8380hl	-
intel	xeon_silver_4309y	-
intel	xeon_silver_4310	-
intel	xeon_silver_4310t	-
intel	xeon_silver_4314	-
intel	xeon_silver_4316	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbmc-project:openbmc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE0DDEB-4CDB-4958-A96A-636C00C122D8",
              "versionEndExcluding": "0.72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:c621a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2364774-DA5C-48BF-AEDB-E97BFED643F6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:c624a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A12BCD5-2400-4846-862C-C966F146A828",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:c627a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BBE62C7-76BD-4684-8CDE-68DBFF4E5280",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:c629a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8B0316B-1968-4502-955D-78E9BDC2E30C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6839AE9B-9A8A-4312-80FC-0549C675A815",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0E7358-1EC1-43DA-99B3-A2D6D57E0121",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43808CCF-1EF0-41CE-983D-DD6BB775895E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5D3DE-5506-4F16-B7F9-5032A1277D23",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED598260-2A9B-46F7-AA85-0DA97DA0D42D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F1CFD2-8F32-4CE8-9D9B-C65B332775B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD98889-58A1-4A5A-B79A-B2DA9EDA63DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF1F73B-4736-40BC-9053-951B5BF1059E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA47606-176C-4F6B-A316-4C536B63FA4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF7D9572-8D03-4D54-B0E1-C0A3F3F90FCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3CA224-B5DE-4451-9CF9-929ABEA242EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D8E340-AE91-4F29-9F22-E0CE6718FC13",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "710DBCD5-788D-4140-AC16-EC6E126CFA66",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A767EC83-AAED-4FEA-A35E-A503369FE4FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1ACDED-85B4-4A11-BD03-8E1B9563B7F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C4A47D-7F66-4ACC-9C69-0A355D46CDC1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20821868-F7D2-4132-8D63-98E1089DB46C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB9295A-8832-4670-B268-FBD0BC086447",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "489BD4AC-50C6-422B-A2B2-00A70E611114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5694238-F4E5-4689-ADD2-67C25762ED92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57D44C0-AA8D-46B0-8923-ADB312E3937F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A551BBB-76CD-4C26-913F-B02C66E5D846",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4A44F2-68BF-4709-946B-C976DA3A9C7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "038AC553-5523-4687-843D-6FEA7264EDEA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE5D09C-3272-4810-9F41-97BDBBFE4160",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C5122F-D822-4E71-A417-88EB51F1786B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14C3438-B876-45B9-85F5-61354207AF8A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7C504C3-7EEE-4A0F-8589-19C1E806E690",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5230F6AF-88CB-4EE2-B292-8B9A7217D10F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B45C39D-03E8-46C1-88DD-94E382F4A961",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2DC691-025A-441E-AAC2-C8583F54733D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FB7EE6-6808-4879-A0A3-E85FE5CB37CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE07EA7-4CDF-4038-A948-6AC126C7F6AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A2241C-37AE-41AE-A8D1-D9AB18CCE16D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB6DEAA1-3209-4B49-B931-43E8C1C5BE14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE086F8-5C8B-4F0C-B53A-76BD4E67B678",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B21B5C-0FDE-4A8E-A9FC-5CF822A74B20",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15368B-21A1-429E-8B9C-A095C4E8BA67",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA925F96-6DDD-4F71-BF13-710C8A89D860",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E41414A-6B0B-4511-A9A1-7FF99DD25DB6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91EB66B4-8F1B-4F35-9371-17FB761997CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFD1AF-2716-4C95-ADFF-79EFA915C286",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5390A12B-80BD-4889-BF0F-95E65D10D037",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D6444A-B9CF-4D70-A8A9-E6B57B6F13DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05637A96-AF09-4FF5-A918-AB369AA2D1CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FA0279-D587-471E-8EC0-211F78DA4DFD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1CC27DB-11D4-412A-BC69-CF32A0CABCF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FE9694-F0E7-4B45-82A1-065DA96B9794",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB267830-FA6E-4C2E-8BBE-C3DA12A6A33D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D557D68C-8279-4BFD-9EA6-17A83754B8FF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ECA0BC9-1CA4-4B95-B98F-9098B2550309",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1298CF87-124D-450B-928D-F39CCA2BAF42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF12820F-A2BE-44BF-A85D-7F4623898DAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access."
    }
  ],
  "id": "CVE-2022-35729",
  "lastModified": "2024-11-21T07:11:33.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-16T21:15:13.023",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-jwmp-cwr7-4x96

Vulnerability from github

Published

2023-02-16 21:30

Modified

2023-03-06 18:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-35729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.",
  "id": "GHSA-jwmp-cwr7-4x96",
  "modified": "2023-03-06T18:30:21Z",
  "published": "2023-02-16T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35729"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2023-0376

Vulnerability from csaf_certbund

Published

2023-02-14 23:00

Modified

2023-02-14 23:00

Summary

Intel Chipset: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Intel stellt Chipsätze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Intel Chipset ausnutzen, um einen Denial of Service Angriff durchzuführen und seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Intel stellt Chips\u00e4tze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Intel Chipset ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0376 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0376.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0376 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0376"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory vom 2023-02-14",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Chipset: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:14:17.707+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0376",
      "initial_release_date": "2023-02-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Chipset",
            "product": {
              "name": "Intel Chipset",
              "product_id": "T019502",
              "product_identification_helper": {
                "cpe": "cpe:/a:intel:chipset_device_software:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-39296",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Intel Chipset. Der Fehler besteht in der netipmid-Schnittstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er spezielle IPMI-Nachrichten erstellt, um Root-Zugriff auf BMC zu erhalten."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2021-39296"
    },
    {
      "cve": "CVE-2022-35729",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-35729"
    },
    {
      "cve": "CVE-2022-29494",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-29494"
    },
    {
      "cve": "CVE-2022-29493",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-29493"
    },
    {
      "cve": "CVE-2021-39295",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2021-39295"
    }
  ]
}

wid-sec-w-2023-0376

Vulnerability from csaf_certbund

Published

2023-02-14 23:00

Modified

2023-02-14 23:00

Summary

Intel Chipset: Mehrere Schwachstellen

Notes

Produktbeschreibung

Intel stellt Chipsätze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Intel Chipset ausnutzen, um einen Denial of Service Angriff durchzuführen und seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Intel stellt Chips\u00e4tze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Intel Chipset ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0376 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0376.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0376 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0376"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory vom 2023-02-14",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Chipset: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:14:17.707+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0376",
      "initial_release_date": "2023-02-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Chipset",
            "product": {
              "name": "Intel Chipset",
              "product_id": "T019502",
              "product_identification_helper": {
                "cpe": "cpe:/a:intel:chipset_device_software:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-39296",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Intel Chipset. Der Fehler besteht in der netipmid-Schnittstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er spezielle IPMI-Nachrichten erstellt, um Root-Zugriff auf BMC zu erhalten."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2021-39296"
    },
    {
      "cve": "CVE-2022-35729",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-35729"
    },
    {
      "cve": "CVE-2022-29494",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-29494"
    },
    {
      "cve": "CVE-2022-29493",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2022-29493"
    },
    {
      "cve": "CVE-2021-39295",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Chipset existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines Out-of-Bounds-Read, eines unbekannten Problems, einer nicht erfassten Exception und einer unsachgem\u00e4\u00dfen Eingabevalidierung in den Komponenten OpenBMC, integrated BMC und netipmid. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019502"
        ]
      },
      "release_date": "2023-02-14T23:00:00Z",
      "title": "CVE-2021-39295"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2022-35729

Vulnerability from cvelistv5

gsd-2022-35729

Vulnerability from gsd

cve-2022-35729

Vulnerability from fkie_nvd

ghsa-jwmp-cwr7-4x96

Vulnerability from github

WID-SEC-W-2023-0376

Vulnerability from csaf_certbund

wid-sec-w-2023-0376

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature