OpenBMC Package Security Update Advisory (CVE-2024-41660)

Overview

An update has been released to address vulnerabilities in the OpenBMC package. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-41660

  • slpd-lite: all versions

Resolved Vulnerabilities

Memory overflow vulnerability in the slpd-lite daemon on the BMC (CVE-2024-41660), which a malicious user could trigger by sending SLP packets to the BMC over UDP port 427.

Vulnerability Patches

The following product-specific vulnerability patches are available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-41660

  • See Referenced Sites [2] to update

Referenced Sites

[1] CVE-2024-41660 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41660

[2] openbmc/slpd-lite

https://github.com/openbmc/slpd-lite/commit/20bab74865ba955921eb0e4e427c84e37e1c8916

Article Link: OpenBMC Package Security Update Advisory (CVE-2024-41660) – ASEC