PT-2026-27437 · Freeipmi+4
Zhihan Zheng · Published 2026-01-01 · Updated 2026-05-26 · CVE-2026-33554
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FreeIPMI versions prior to 1.16.17
Description
The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management and is implemented by numerous hardware manufacturers to support system management. It is commonly used for sensor reading and remote power control. The ipmi-oem client command implements IPMI OEM commands for specific hardware vendors. Three subcommands were found to have exploitable buffer overflows in response messages: 'ipmi-oem dell get-last-post-code' for retrieving the last POST code and error description on some Dell servers, 'ipmi-oem supermicro extra-firmware-info' for obtaining extra firmware information on Supermicro servers, and 'ipmi-oem wistron read-proprietary-string' for reading a proprietary string on Wistron servers.
Recommendations
Versions prior to 1.16.17 should be updated to version 1.16.17 or later.
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Dell Servers
Freeipmi
Rocky Linux
Supermicro Servers
Wistron Servers