Bug 1210418 (CVE-2023-30630) - VUL-0: CVE-2023-30630: dmidecode: potential file overwrite (dmiwrite)
Status: RESOLVED FIXED
Alias: CVE-2023-30630
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/363414/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-30630:6.2:(AV:...
Reported: 2023-04-13 12:50 UTC by Marcus Meissner
Modified: 2024-04-25 14:19 UTC
Comment 1 Marcus Meissner 2023-04-13 14:53:56 UTC
I filed a CVE request with Mitre
Comment 2 Marcus Meissner 2023-04-13 15:25:35 UTC
use CVE-2023-30630
Comment 3 Jean Delvare 2023-04-14 14:17:11 UTC
For completeness: the exploit requires a dmidecode binary with the setuid permission bit set, or a permissive sudo configuration.
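
A check for the two preconditions named in comment 3, added here as an example; it is not part of the bug report or of dmidecode. The function names, the simplified sudoers matching (one rule per line, no alias expansion, no include handling) and the fixture data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the two preconditions from comment 3.
# All function names and the sample data below are constructed for illustration.

# has_setuid FILE: true if FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# sudo_rules_for_dmidecode FILE: print sudoers rules that name dmidecode or
# grant ALL commands. Assumption: one rule per line, no alias expansion and
# no include handling, so matches are candidates for manual review.
sudo_rules_for_dmidecode() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -Ev '^[[:space:]]*(Defaults|[A-Za-z_]+_Alias)' |
        grep -E '/dmidecode([[:space:],]|$)|[)=:][[:space:]]*(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$'
}

# assess BINARY SUDOERS: print one finding per line; return 0 only if neither
# precondition is present.
assess() {
    findings=0
    if has_setuid "$1"; then
        echo "setuid: $1"
        findings=$((findings + 1))
    fi
    rules=$(sudo_rules_for_dmidecode "$2" || true)
    if [ -n "$rules" ]; then
        echo "$rules" | sed 's/^/sudo: /'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed fixtures: an empty stand-in binary and a sample sudoers file.
demo() {
    d=$(mktemp -d)
    : > "$d/dmidecode" && chmod 4755 "$d/dmidecode"
    printf '%s\n' 'Defaults env_reset' \
        'alice ALL=(root) NOPASSWD: /usr/sbin/dmidecode' \
        'bob ALL=(root) /usr/bin/less' > "$d/sudoers"
    assess "$d/dmidecode" "$d/sudoers" || echo "review needed"
    rm -rf "$d"
}
demo
```

On a real system, point `assess` at the installed dmidecode binary and a readable copy of the sudoers policy.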
Comment 7 Jean Delvare 2023-04-19 06:30:34 UTC
Maintenance team, please hold off on publishing the maintenance updates I have submitted so far.

While I was preparing the submission for SUSE:SLE-12-SP2:Update yesterday, I spotted a piece of code which has been calling the wrong function for years with no functional impact; however, after applying the hardening patches, this bug turns from harmless to user-visible.

I have sent a fix upstream yesterday already:

https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html

Today I'll backport it to our code streams and resubmit. Sorry for the inconvenience and delay.
Comment 12 Jean Delvare 2023-04-20 09:47:16 UTC
Status update:

* I resubmitted SLE-15-SP4 and SLE-15-SP1 with the regression fixed yesterday.

* I finally have a working backport for SLE-12-SP2 (19 commits, yeah!) which I'll submit this afternoon.
Comment 14 Maintenance Automation 2023-04-21 16:30:06 UTC
SUSE-SU-2023:1947-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1210418
CVE References: CVE-2023-30630
Sources used:
openSUSE Leap Micro 5.3 (src): dmidecode-3.4-150400.16.8.1
openSUSE Leap 15.4 (src): dmidecode-3.4-150400.16.8.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): dmidecode-3.4-150400.16.8.1
SUSE Linux Enterprise Micro 5.3 (src): dmidecode-3.4-150400.16.8.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): dmidecode-3.4-150400.16.8.1
SUSE Linux Enterprise Micro 5.4 (src): dmidecode-3.4-150400.16.8.1
Basesystem Module 15-SP4 (src): dmidecode-3.4-150400.16.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2023-04-26 16:30:10 UTC
SUSE-SU-2023:2044-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1210418
CVE References: CVE-2023-30630
Sources used:
SUSE OpenStack Cloud 9 (src): dmidecode-3.0-10.6.1
SUSE OpenStack Cloud Crowbar 9 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP5 (src): dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): dmidecode-3.0-10.6.1
Comment 16 Maintenance Automation 2023-05-16 12:30:18 UTC
SUSE-SU-2023:2215-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1210418
CVE References: CVE-2023-30630
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Real Time 15 SP3 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): dmidecode-3.2-150100.9.16.1
SUSE Manager Proxy 4.2 (src): dmidecode-3.2-150100.9.16.1
SUSE Manager Retail Branch Server 4.2 (src): dmidecode-3.2-150100.9.16.1
SUSE Manager Server 4.2 (src): dmidecode-3.2-150100.9.16.1
SUSE Enterprise Storage 7.1 (src): dmidecode-3.2-150100.9.16.1
SUSE Enterprise Storage 7 (src): dmidecode-3.2-150100.9.16.1
SUSE CaaS Platform 4.0 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Micro 5.1 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Micro 5.2 (src): dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): dmidecode-3.2-150100.9.16.1
Comment 17 Jean Delvare 2023-11-29 10:57:29 UTC
Fix has been released on all affected products as far as I can see, so I think this can be closed. Reassigning to the security team.
Comment 18 Jean Delvare 2024-04-25 14:16:55 UTC
Security team, any reason why this bug is still open?
Comment 19 Marcus Meissner 2024-04-25 14:19:31 UTC
done