CVE-2022-35729

7.5 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in OpenBMC firmware for certain Intel platforms allows unauthenticated attackers to potentially cause denial of service via network access. This affects systems running vulnerable versions of OpenBMC firmware on Intel server platforms. The vulnerability could disrupt baseboard management controller functionality.

💻 Affected Systems

Products:
  • Intel server platforms with OpenBMC firmware
Versions: OpenBMC versions before 0.72
Operating Systems: Not OS-dependent - affects BMC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Intel platforms using vulnerable OpenBMC firmware versions. BMC typically runs on dedicated management processors.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of BMC functionality, preventing remote management, monitoring, and potentially affecting host system stability.

🟠 Likely Case

Temporary denial of service affecting BMC web interface, IPMI, or Redfish API services until BMC reset.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting BMC exposure.

🌐 Internet-Facing: HIGH - Unauthenticated network access means exposed BMC interfaces are directly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could disrupt management infrastructure but require network access to BMC interfaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires network access to BMC management interface but no authentication. Specific exploit details not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenBMC version 0.72 or later

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

Restart Required: Yes

Instructions:

1. Download OpenBMC firmware version 0.72 or later from Intel.
2. Follow Intel's BMC firmware update procedures for your specific platform.
3. Apply firmware update through BMC web interface or IPMI.
4. Reboot BMC after update completes.

🔧 Temporary Workarounds

Network segmentation

all

Isolate BMC management interfaces from untrusted networks

Access control lists

linux

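Restrict network access to BMC interfaces using firewall rules. The rules below cover HTTPS (TCP 443) only, and trusted_network is a placeholder for the management subnet that should be allowed to reach the BMC.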

iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BMC interfaces
  • Monitor BMC logs for unusual activity and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check OpenBMC firmware version via BMC web interface or IPMI: 'ipmitool mc info' may show firmware version

Check Version:

ipmitool mc info | grep 'Firmware Revision'

Alternatively, check the version in the BMC web interface.

Verify Fix Applied:

Confirm OpenBMC version is 0.72 or higher through BMC interface

📡 Detection & Monitoring

Log Indicators:

  • BMC crash logs
  • Unexpected BMC reboots
  • Failed authentication attempts to BMC

Network Indicators:

  • Unusual traffic patterns to BMC ports (80, 443, 623)
  • Multiple connection attempts to BMC

SIEM Query:

(source="bmc_logs" AND ("crash" OR "restart" OR "panic")) OR (dest_port IN (80, 443, 623) AND src_ip NOT IN trusted_networks)
