PT-2023-6699 · Dmidecode+7
Published: 2023-03-14 · Updated: 2025-03-04 · CVE-2023-30630
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Dmidecode versions prior to 3.5
Description
The issue is insecure privilege management in the Dmidecode utility on Linux, which an attacker can potentially use to elevate their privileges. Dmidecode's --dump-bin option can overwrite a local file, which has security implications, especially when Dmidecode is executed via Sudo.
Recommendations
For versions prior to 3.5, update to version 3.5 or later to resolve the issue.
As a temporary workaround, consider restricting the execution of Dmidecode via Sudo to minimize the risk of exploitation.
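One way to check a host against both recommendations, as an added example that is not part of the advisory: it compares the output of `dmidecode --version` with the fixed release 3.5 and flags sudoers rules that let a user pass --dump-bin to Dmidecode. The sudoers sample is constructed, the function names are hypothetical, and the parser assumes simple one-line rules (aliases and includes are not resolved).

```python
import re
from pathlib import PurePosixPath

FIXED = (3, 5)  # first fixed release according to the advisory

# Constructed sample sudoers content, not taken from any real host.
SAMPLE = """\
# hardware inventory rules
alice ALL=(root) NOPASSWD: /usr/sbin/dmidecode
bob   ALL=(root) /usr/sbin/dmidecode -t system
carol ALL=(root) /usr/sbin/dmidecode ""
dave  ALL=(root) NOPASSWD: /usr/bin/lshw, /usr/sbin/dmidecode *
"""

def is_vulnerable(version_output):
    """True if the `dmidecode --version` output names a release before 3.5."""
    m = re.match(r"\s*(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"unrecognised version string: {version_output!r}")
    return (int(m[1]), int(m[2])) < FIXED

def risky_sudo_rules(sudoers_text):
    """Return the rule lines that allow dmidecode with --dump-bin."""
    findings = []
    for line in sudoers_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        # Skip blanks, comments, Defaults and anything that is not a rule.
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        # Drop Runas specs such as (root) before splitting the command list.
        rhs = re.sub(r"\([^)]*\)", "", line.split("=", 1)[1])
        for cmd in rhs.split(","):
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)*", "", cmd).strip()  # tags
            path, _, args = cmd.partition(" ")
            if cmd.startswith("!") or PurePosixPath(path).name != "dmidecode":
                continue
            args = args.strip()
            # No argument list = any arguments allowed; '""' = none allowed.
            if args != '""' and (not args or "*" in args or "--dump-bin" in args):
                findings.append(line)
                break
    return findings

if __name__ == "__main__":
    for rule in risky_sudo_rules(SAMPLE):
        print("restrict or remove:", rule)
```

Rules that grant `ALL` are not reported, since those users already have full root access through Sudo.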
Relative Path Traversal
Improper Privilege Management
Affected Products
AlmaLinux
CentOS
Debian
Dmidecode
Red Hat
RED OS
Rocky Linux
SUSE