2484296 – (CVE-2026-50031) CVE-2026-50031 freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client

Bug 2484296 (CVE-2026-50031) - CVE-2026-50031 freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client

Summary: CVE-2026-50031 freeipmi: FreeIPMI: Denial of service via buffer overflow in i...

Keywords:
Status:	NEW
Alias:	CVE-2026-50031
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2484319
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-03 04:01 UTC by OSIDB Bzimport
Modified:	2026-06-03 10:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-03 04:01:13 UTC

ipmi-oem in FreeIPMI before 1.16.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.

Note You need to log in before you can comment on or make changes to this bug.