# OpenBMC Security Advisory Template

This has guidelines for OpenBMC repository maintainers to follow when creating
new draft GitHub security advisories as part of the [Security response team
guidelines][].

Note that the sections under the "Description" section are intended for the
security advisory "Description" field

[security response team guidelines]: ./obmc-security-response-team-guidelines.md

### Affected Product

Ecosystem: Other OpenBMC Package name: <TBD> Affected versions: 2.9 Patched
versions: <TBD>

## Severity

Assess the severity using CVSS.

## CWE

<TBD>

## CVE identifier

Please coordinate with the security response team

## Credits

Attribution to those that discovered and mitigated the vulnerability.

### Title

Title goes here...

### Description

The description will be used by vulnerability analysts and should include the
area or the function affected, and a description of the issue. There should be
enough details to differentiate this from similar problems, but not enough
detail to help an attacker exploit the problem.

### Proof Of Concept

If provided, insert proof of concept here.

### Vulnerability Description

...can cause denial of service.

### Affected Release

OpenBMC 2.9

### Fixed in Release

Please include the commit-id in the affected repo, the commit id for the
metadata, or the version number.

### Mitigation

If available, describe or provide a link to the mitigation needed until the fix
can be applied.

### For more information

If you have any questions or comments about this advisory:

- Email openbmc-security at lists.ozlabs.org