The vulnerability allows unauthorized users on the network to trigger a denial of service on IBM OpenBMC firmware versions FW1110.00 through FW1110.11. When exploited, the affected firmware can become unresponsive, preventing remote management of the Power System hardware and potentially leaving systems in an unusable state until a reboot or hardware reset is performed. This weakness is linked to improper validation of network input (CWE‑1284), which enables an attacker to issue malformed or excessive requests that overload the system’s handling routines.

This issue affects IBM Power System devices that ship with OpenBMC firmware FW1110.00 to FW1110.11, specifically the following models: Power System S1122 (9824‑22A), S1124 (9824‑42A), S1122s (9824‑22B), S1114 (9824‑41B), L1122 (9856‑22H), L1124 (9856‑42H), and E1150 (9043‑MRU).

The CVSS score of 5.3 indicates moderate severity. The absence of an EPSS rating and the lack of a KEV listing suggest that public exploit tools or widespread attacks are not documented, yet the ability for unauthenticated network users to reach the BMC over its network interface means the vulnerability can be leveraged easily in environments where the interface is exposed. Therefore, while the exploitation likelihood is uncertain, the potential impact on system availability makes it a meaningful risk that should be addressed promptly.