Overview
An update has been released to address vulnerabilities in the OpenBMC package. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-41660
- slpd-lite: all versions
Resolved Vulnerabilities
A memory overflow vulnerability in the slpd-lite daemon on the BMC (CVE-2024-41660), which could be triggered by a malicious user sending SLP packets to the BMC on UDP port 427.
Vulnerability Patches
The following product-specific vulnerability patches have been made available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-41660
- See Referenced Sites [2] to update
Referenced Sites
[1] CVE-2024-41660 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-41660
[2] openbmc/slpd-lite
https://github.com/openbmc/slpd-lite/commit/20bab74865ba955921eb0e4e427c84e37e1c8916
Article Link: OpenBMC Package Security Update Advisory (CVE-2024-41660) – ASEC