# OpenBMC Security Advisory Template

This has guidelines for OpenBMC repository maintainers to follow when creating
new draft GitHub security advisories as part of the [Security response team
guidelines][].

Note that the sections under the "Description" section are intended for the
security advisory "Description" field.

[security response team guidelines]: ./obmc-security-response-team-guidelines.md

### Affected Product

- Ecosystem: Other OpenBMC
- Package name: <TBD>
- Affected versions: 2.9
- Patched versions: <TBD>

## Severity

Assess the severity using CVSS.

## CWE

<TBD>

## CVE identifier

Please coordinate with the security response team.

## Credits

Attribution to those that discovered and mitigated the vulnerability.

### Title

Title goes here...

### Description

The description will be used by vulnerability analysts and should include the
area or the function affected, and a description of the issue. There should be
enough details to differentiate this from similar problems, but not enough
detail to help an attacker exploit the problem.

### Proof Of Concept

If provided, insert proof of concept here.

### Vulnerability Description

...can cause denial of service.

### Affected Release

OpenBMC 2.9

### Fixed in Release

Please include the commit-id in the affected repo, the commit id for the
metadata, or the version number.

### Mitigation

If available, describe or provide a link to the mitigation needed until the fix
can be applied.

### For more information

If you have any questions or comments about this advisory:

- Email openbmc-security at lists.ozlabs.org