14 lines
1.5 KiB
JSON
14 lines
1.5 KiB
JSON
{
|
|
"id": "openEuler-SA-2023-1264",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1264",
|
|
"title": "An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
|
|
"severity": "Moderate",
|
|
"description": "Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).DMI data can be used to enable or disable specific portions of kernel code depending on the specific hardware. Thus, one use of dmidecode is for kernel developers to detect system \"signatures\" and add them to the kernel source code when needed.\r\n\r\nSecurity Fix(es):\r\n\r\nDmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2023-30630",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30630",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |