Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html https://github.com/adamreiser/dmiwrite https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
Created dmidecode tracking bugs for this issue: Affects: fedora-36 [bug 2186671] Affects: fedora-37 [bug 2186672]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5061 https://access.redhat.com/errata/RHSA-2023:5061
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5252 https://access.redhat.com/errata/RHSA-2023:5252