# OpenBMC Security Advisory Template

This has guidelines for OpenBMC repository maintainers to follow when creating
new draft GitHub security advisories as part of the [Security response team
guidelines][].

Note that the sections under the "Description" section are intended for the
security advisory "Description" field.

[security response team guidelines]: ./obmc-security-response-team-guidelines.md

## Affected Product

- Ecosystem: Other
- OpenBMC Package name: `TBD`
- Affected versions: 2.9
- Patched versions: `TBD`

## Severity

Assess the severity using CVSS.

## CWE

`TBD`

## CVE identifier

Please coordinate with the security response team.

## Credits

Attribution to those that discovered and mitigated the vulnerability.

### Title

Title goes here...

### Description

The description will be used by vulnerability analysts and should include the
area or the function affected, and a description of the issue. There should be
enough details to differentiate this from similar problems, but not enough
detail to help an attacker exploit the problem.

### Proof Of Concept

If provided, insert proof of concept here.

### Vulnerability Description

...can cause denial of service.

### Affected Release

OpenBMC 2.9

### Fixed in Release

Please include the commit-id in the affected repo, the commit id for the
metadata, or the version number.

### Mitigation

If available, describe or provide a link to the mitigation needed until the fix
can be applied.

### For more information

If you have any questions or comments about this advisory:

- Email openbmc-security at lists.ozlabs.org