Medium6.5Red Hat Linux Updated
Arbitrary IPMI command execution via send_raw deployment step
CVE-2026-54423 Published Jul 8, 2026Updated by vendor Jul 8, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Arbitrary IPMI command execution via send_raw deployment step. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-862.
Affected versions
- < 37.0.1
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Operators can apply the upstream-provided patches which add a blocklist forbidding use of the IPMI send_raw functionality in cleaning and servicing provisioning methods. In environments where the default access model is used (lessee capability not enabled), this vulnerability is not exploitable by non-admin users. Operators who have explicitly delegated lessee or owner capabilities to project-level roles can revoke those delegations to prevent exploitation.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.